- From: Richard Barnes <rbarnes@mozilla.com>
- Date: Wed, 9 Mar 2016 16:30:17 -0500
- To: "Hodges, Jeff" <jeff.hodges@paypal.com>
- Cc: W3C WebAuthn WG <public-webauthn@w3.org>
Received on Wednesday, 9 March 2016 21:30:46 UTC
On Wed, Mar 9, 2016 at 4:28 PM, Hodges, Jeff <jeff.hodges@paypal.com> wrote:
> On 3/9/16, 1:20 PM, "Richard Barnes" <rbarnes@mozilla.com> wrote:
>
>
> """
> API Features in scope are: (1) Requesting generation of an asymmetric key
> pair within a specific scope (e.g., an origin); (2) Proving that the
> browser has possession of a specific private key, where the proof can only
> be done within the scope of the key pair. In other words, authentication
> should obey the same origin policy.
> """
>
> So this is a credential that provides authentication based on proof of
> possession of a signing key (i.e., a signature), where that signature is
> limited to some scope via the signing protocol we will define.
>
> Could people live with "ScopedSignatureCredential"?
>
>
> so you are suggesting..
>
> enum CredentialType {
>
> "ScopedSignatureCredential"
> };
>
> .. yes?
>
> Precisely.
> sure, I can live with that.
>
> =JeffH
>
>
Received on Wednesday, 9 March 2016 21:30:46 UTC