- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 22 Jun 2018 23:10:36 +0000
- To: public-webauthn@w3.org
good question, hope this helps: scope (noun): extent or range of view, outlook, application, operation, effectiveness, etc. See also: https://en.wikipedia.org/wiki/Scope_(computer_science) >From https://w3c.github.io/webauthn/#relying-party-identifier: ---- Note: A Public key credential's scope is for a Relying Party's [origin](https://w3c.github.io/html/browsers.html#concept-cross-origin), with the following _restrictions_ and _relaxations_: - The scheme is always https (i.e., a _restriction_), and, - the host may be equal to the Relying Party's origin's [effective domain](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-effective-domain), or it may be [equal to a registrable domain suffix](https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to) of the Relying Party's origin's effective domain (i.e., an available _relaxation_), and, - all (TCP) ports on that host (i.e., a _relaxation_). This is done in order to match the behavior of pervasively deployed ambient credentials (e.g., cookies, [RFC6265]). Please note that this is a greater relaxation of "same-origin" restrictions than what document.domain's setter provides. ---- I added "scope" to our terms to define list here: https://github.com/w3c/webauthn/issues/462#issuecomment-399606355 -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/964#issuecomment-399606982 using your GitHub account
Received on Friday, 22 June 2018 23:10:39 UTC