If the token is signed you could validate it with Apple (or the vendor that impl... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

crispyporkbites on June 24, 2020 | parent | context | favorite | on: Face ID and Touch ID for the Web

If the token is signed you could validate it with Apple (or the vendor that implemented the face recognition on the device, eg Samsung, Nokia, pinephone etc).

You just need an open standard, you could even embed the url of the validating api in the token, so anyone could create their own Face ID provider.

bfulgham on June 24, 2020 [–]

That's precisely what the attestation section of the talk describes. This is all part of the WebAuthentication standard.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact