Re: [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them

>> nominally steps 4 - 7 (inclusive) of the domain attribute setter
>> defined hereabouts

> OK.  So if a page is loaded from "https://foo.bar.com" and then sets
> document.domain to "bar.com", should it be able to use "foo.bar.com"
> as its rpId?  Sounds to me like you're saying it shouldn't be able
> to....

Our present intent (if it is correct) is that even if 
"https://foo.bar.com" is loaded and then sets document.domain to 
"bar.com", it *would* still be able to assert "foo.bar.com" as its 
rpId.




-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/256#issuecomment-268906588 
using your GitHub account

Received on Thursday, 22 December 2016 22:39:40 UTC