- From: ianbjacobs <notifications@github.com>
- Date: Mon, 07 Feb 2022 10:35:31 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 7 February 2022 18:35:43 UTC
Hi @torgo, The specification speaks to this: https://w3c.github.io/secure-payment-confirmation/#sctn-privacy-probing-credential-ids Specifically: "Implementors of Secure Payment Confirmation must make sure not to enable malicious callers (who now may not even be the [Relying Party](https://w3c.github.io/webauthn/#relying-party)) to distinguish between these cases: (1) A credential is not available. (2) A credential is available, but the user does not consent to use it." I think that speaks to your question about detectable "cancel." Let me know if I have not. Thanks! Ian -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/675#issuecomment-1031789463 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/675/1031789463@github.com>
Received on Monday, 7 February 2022 18:35:43 UTC