[webauthn] imageURL privacy from Axel Nennker via GitHub on 2016-07-06 (public-webauthn@w3.org from July 2016)

From: Axel Nennker via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Jul 2016 13:36:23 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-164077023-1467812182-sysbot+gh@w3.org>

AxelNennker has just created a new issue for 
https://github.com/w3c/webauthn:

== imageURL privacy ==
Should the spec mention that retrieving the image from a site leaks 
information to that site?

Should the platform show the image only after user consent is given 
that a credential should be created if the imageURL is not a data URL?

Should the spec recommend that the image should be retrieved once and 
the image data be stored by the platform? What if the user updates the
 image at the RP?

Should the imageURL be constrained to secure-contexts?

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/139 using your GitHub account

Received on Wednesday, 6 July 2016 13:36:31 UTC