My original idea was to have the bank sign a thing that contained your ip address and user agent; have the bank add in an age claim; and copy/paste it to the RP.
I figured it would produce a document a little more on point.
This setup with webauthn feels like overkill; but with banks and regs - it feels more beefy without adding a substantial amount of complexity.
My original idea was to have the bank sign a thing that contained your ip address and user agent; have the bank add in an age claim; and copy/paste it to the RP.
I figured it would produce a document a little more on point.
This setup with webauthn feels like overkill; but with banks and regs - it feels more beefy without adding a substantial amount of complexity.