- From: L. David Baron <notifications@github.com>
- Date: Wed, 26 Jun 2019 17:55:38 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 27 June 2019 00:56:00 UTC
A few quick questions:

* It seems like one piece of the security model here is that it's OK if the SMS ends up going to the wrong tab at the correct origin. Is that correct? That seems like it's fine for usage that's login-related, but might be (maybe?) more problematic for cases where the SMS is being used as a second factor to authorize a specific action. Are there cases where SMS is or might be used that way?
* I didn't see anything in the examples about how the site would figure out what hash it needs to put in the text message so that it gets routed to the browser. Presumably this would need to be a somewhat flexible API so that it would support mechanisms across different operating systems and browsers?
* the explainer references GMS core which I guess is a reference to [Google Mobile Services](https://www.android.com/gms/) but doesn't explain how that's relevant

I'd also note that there's been somewhat extensive discussion of this in mozilla/standards-positions#152.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/391#issuecomment-506096740