Re: [webauthn] restrict WebAuthentication API to only top level browsing context

> @clelland is working on Feature Policy to give the top-level frame the ability to selectively grant APIs to its children. If you restrict WebAuthn to the top-level frame now, that lets you migrate to the more explicitly-permissive world in the future, whereas if you leave it totally open, backward compatibility will make it hard to establish the more restrictive default when Feature Policy is more widely supported.

I'd still like to understand what UI folks would be interested in presenting?

> It's likely also safe to allow same-origin iframes access now.

I agree. There's no UI question if the origins are identical. We could probably extend this to eTLD+1 by rendering the registrable domain in the UI.

Would that be enough for y'all?

-- 
GitHub Notification of comment by mikewest
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/374#issuecomment-291782343 using your GitHub account

Received on Wednesday, 5 April 2017 07:50:53 UTC