Relax Policy Requirements on iOS to deviceOwnerAuthentication

The iOS implementation of the isAvailable method currently requires biometricType to be distinct from none, a requirement tied to the deviceOwnerAuthenticationWithBiometrics policy. This has raised concerns for applications that want to support passkeys without requiring faceID/touchID to be set up, falling back to the device passcode instead. This article explores the proposal to relax the policy requirement on iOS to deviceOwnerAuthentication.

The issue was raised in the context of supporting passkeys without requiring faceID/touchID to be set up, a common requirement for applications that want to provide a seamless user experience.

While some applications may want to retain "biometrics" as a hard requirement, the proposal is to make this policy level configurable. This would allow some applications to opt for the more lenient policy of deviceOwnerAuthentication over deviceOwnerAuthenticationWithBiometrics. This change would not be a breaking change, as it would still be possible for applications to require faceID/touchID to be set up.

Benefits of Relaxing Policy Requirements

Relaxing policy requirements on iOS to deviceOwnerAuthentication would have several benefits. Firstly, it would allow applications to support passkeys without requiring faceID/touchID to be set up. This would provide a seamless user experience for users who do not have faceID/touchID set up. Secondly, it would give developers more flexibility in terms of the policies they can implement. This would allow them to tailor their application to the specific needs of their users.

To implement this change, a pull request would need to be made to the React Native Passkeys module. This would involve modifying the isAvailable method to rely on deviceOwnerAuthentication instead of deviceOwnerAuthenticationWithBiometrics. This would require changes to the iOS implementation of the module.
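The configurable check described above could look like the following. This is an added example, not code from the React Native Passkeys module: the AvailabilityPolicy and Availability types and the checkAvailability and describe functions are hypothetical names, while LAContext, LAPolicy and LAError come from Apple's LocalAuthentication framework.

```swift
import LocalAuthentication

// Hypothetical option; the type and case names are assumptions for this example.
enum AvailabilityPolicy {
    case biometricsOnly        // current behaviour
    case biometricsOrPasscode  // relaxed behaviour proposed above

    var laPolicy: LAPolicy {
        switch self {
        case .biometricsOnly: return .deviceOwnerAuthenticationWithBiometrics
        case .biometricsOrPasscode: return .deviceOwnerAuthentication
        }
    }
}

struct Availability {
    let isAvailable: Bool
    let biometricsUsable: Bool   // the biometric policy can be evaluated right now
    let failure: LAError.Code?   // why the chosen policy cannot be evaluated
}

// Defaults to the strict policy so existing callers see no change.
func checkAvailability(_ policy: AvailabilityPolicy = .biometricsOnly) -> Availability {
    var error: NSError?
    let ok = LAContext().canEvaluatePolicy(policy.laPolicy, error: &error)

    // Probe the biometric policy separately so callers can tell which factor will be used.
    let biometricsUsable = LAContext().canEvaluatePolicy(
        .deviceOwnerAuthenticationWithBiometrics, error: nil)

    let failure: LAError.Code? = ok ? nil : error.flatMap { LAError.Code(rawValue: $0.code) }
    return Availability(isAvailable: ok, biometricsUsable: biometricsUsable, failure: failure)
}

// Turns the result into a message suitable for logs or diagnostics.
func describe(_ a: Availability) -> String {
    guard let failure = a.failure else {
        return a.biometricsUsable ? "available (biometrics)" : "available (passcode only)"
    }
    switch failure {
    case .passcodeNotSet: return "unavailable: no device passcode set"
    case .biometryNotEnrolled: return "unavailable: no faceID/touchID enrolled"
    case .biometryNotAvailable: return "unavailable: biometry not available on this device"
    case .biometryLockout: return "unavailable: biometrics locked out"
    default: return "unavailable: LAError \(failure.rawValue)"
    }
}
```

Under the relaxed policy the device passcode alone satisfies the check, so an application that treats biometrics as a hard requirement keeps the strict default.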

There are several potential issues that need to be considered when relaxing policy requirements on iOS to deviceOwnerAuthentication. Firstly, there may be security concerns related to relaxing the policy requirements. However, these concerns can be mitigated by implementing additional security measures. Secondly, there may be compatibility issues with older versions of iOS. However, these issues can be addressed by implementing backwards compatibility.

Relaxing policy requirements on iOS to deviceOwnerAuthentication would have several benefits. It would allow applications to support passkeys without requiring faceID/touchID to be set up, provide a seamless user experience for users who do not have faceID/touchID set up, and give developers more flexibility in terms of the policies they can implement. While there are potential issues that need to be considered, these can be mitigated by implementing additional security measures and addressing compatibility issues.

Based on the proposal to relax policy requirements on iOS to deviceOwnerAuthentication, the following recommendations are made:

  • Make the policy level configurable to allow applications to opt for the more lenient policy of deviceOwnerAuthentication over deviceOwnerAuthenticationWithBiometrics.
  • Modify the isAvailable method to rely on deviceOwnerAuthentication instead of deviceOwnerAuthenticationWithBiometrics.
  • Implement additional security measures to mitigate potential security concerns.
  • Address compatibility issues with older versions of iOS.

By implementing these recommendations, developers can provide a seamless user experience for users who do not have faceID/touchID set up, while also giving them more flexibility in terms of the policies they can implement.

Future work on relaxing policy requirements on iOS to deviceOwnerAuthentication may involve:

  • Implementing additional security measures to mitigate potential security concerns.
  • Addressing compatibility issues with older versions of iOS.
  • Exploring other policy requirements that can be relaxed to provide a seamless user experience.

By continuing to work on relaxing policy requirements on iOS to deviceOwnerAuthentication, developers can provide a seamless user experience for users who do not have faceID/touchID set up, while also giving them more flexibility in terms of the policies they can implement.

A: The current implementation of the isAvailable method in the iOS implementation relies on biometricType being distinct from none. This requirement is tied to the policy requirement of deviceOwnerAuthenticationWithBiometrics.

A: The current implementation is a problem because it requires faceID/touchID to be set up, which may not be feasible for all users. This can lead to a poor user experience for users who do not have faceID/touchID set up.

A: The proposal is to make the policy level configurable, allowing applications to opt for the more lenient policy of deviceOwnerAuthentication over deviceOwnerAuthenticationWithBiometrics. This would allow applications to support passkeys without requiring faceID/touchID to be set up.

A: The benefits of relaxing policy requirements on iOS to deviceOwnerAuthentication include:

  • Allowing applications to support passkeys without requiring faceID/touchID to be set up.
  • Providing a seamless user experience for users who do not have faceID/touchID set up.
  • Giving developers more flexibility in terms of the policies they can implement.

A: The potential issues with relaxing policy requirements on iOS to deviceOwnerAuthentication include:

  • Security concerns related to relaxing the policy requirements.
  • Compatibility issues with older versions of iOS.

A: The potential issues can be mitigated by:

  • Implementing additional security measures to mitigate potential security concerns.
  • Addressing compatibility issues with older versions of iOS.

A: The recommended course of action is to:

  • Make the policy level configurable to allow applications to opt for the more lenient policy of deviceOwnerAuthentication over deviceOwnerAuthenticationWithBiometrics.
  • Modify the isAvailable method to rely on deviceOwnerAuthentication instead of deviceOwnerAuthenticationWithBiometrics.
  • Implement additional security measures to mitigate potential security concerns.
  • Address compatibility issues with older versions of iOS.

A: The future work on relaxing policy requirements on iOS to deviceOwnerAuthentication may involve:

  • Implementing additional security measures to mitigate potential security concerns.
  • Addressing compatibility issues with older versions of iOS.
  • Exploring other policy requirements that can be relaxed to provide a seamless user experience.

A: You can find more information on relaxing policy requirements on iOS to deviceOwnerAuthentication in the following resources: