Re-opening discussion with WebAuthn on credential creation in an iframe

Hi folks,

(Sending email as the next WG meeting isn't until August 18th and so we
cannot discuss live.)

As you may recall, we have discussed a need in the Web Payments WG for
WebAuthn credential creation to be available in a cross-origin iframe
(e.g., to allow a https://bank.com iframe embedded inside of
https://merchant.com to enroll a user during a payment flow). We've heard
that this is useful both for SPC as well as users of 'pure' WebAuthn.

To that end, I've drafted the comment below to re-open the discussion with
our WebAuthn colleagues on issue 1656
<https://github.com/w3c/webauthn/issues/1656>. I hope for the comment to be
made with the backing of the WPWG, so please do take a look and feel free
to give feedback.

[Draft] WebAuthn issue to re-allow credential creation in a cross-origin
iframe

I leave it to the chairs how we might want to ratify support for this; I'm
happy to wait until the August 18th sync, or perhaps we can just do it over
email?

Thanks,
Stephen

-- 
smcgruer • he / him

Received on Tuesday, 19 July 2022 13:51:38 UTC