Re-opening discussion with WebAuthn on credential creation in an iframe from Stephen McGruer on 2022-07-19 (public-payments-wg@w3.org from July 2022)

From: Stephen McGruer <smcgruer@google.com>
Date: Tue, 19 Jul 2022 09:21:32 -0400
To: Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <CADY3MadRQY4erh40sPLx7c+kBeaUKZ-xaHDo2AMzD0_pty1pBg@mail.gmail.com>

Hi folks,

(Sending email as the next WG meeting isn't until August 18th and so we
cannot discuss live.)

As you may recall, we have discussed a need in the Web Payments WG for
WebAuthn credential creation to be available in a cross-origin iframe
(e.g., to allow a https://bank.com iframe embedded inside of
https://merchant.com to enroll a user during a payment flow). We've heard
that this is useful both for SPC as well as users of 'pure' WebAuthn.

To that end, I've drafted the comment below to re-open the discussion with
our WebAuthn colleagues on issue 1656
<https://github.com/w3c/webauthn/issues/1656>. I hope for the comment to be
made with the backing of the WPWG, so please do take a look and feel free
to give feedback.

[Draft] WebAuthn issue to re-allow credential creation in a cross-origin
iframe

I leave it to the chairs how we might want to ratify support for this; I'm
happy to wait until the August 18th sync, or perhaps we can just do it over
email?

Thanks,
Stephen

-- 
smcgruer • he / him

Received on Tuesday, 19 July 2022 13:51:38 UTC