- From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
- Date: Mon, 25 Jun 2018 18:02:21 +0000
- To: public-webauthn@w3.org
That note confuses me as well. :) Can we make its points more directly as follows: Note that an RP ID is a domain string only, and does not mention a scheme or port number as an origin does. The RP ID of a PublicKeyCredential sets it scope, i.e. it determines the origins on which it may be exercised as follows: - The RP ID must be equal to the origin's effective domain, or a registrable suffix of the origin's effective domain. - The origin's scheme must be 'https'. - The origin's port number is unrestricted. This is done in order ... (+1 for adding examples as engedy@ suggests.) wdyt? -- GitHub Notification of comment by arnar Please view or discuss this issue at https://github.com/w3c/webauthn/issues/963#issuecomment-400042099 using your GitHub account
Received on Monday, 25 June 2018 18:02:22 UTC