- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Apr 2017 23:38:38 +0000
- To: public-webauthn@w3.org
In https://github.com/w3c/webauthn/pull/384#discussion_r111504620, @mikewest and I were discussing a technical problem where Javascript can use `rawId` to modify the underlying `ArrayBuffer`, at which point the value of `id` becomes ambiguous. Is it the base64url encoding of the original value or the modified value, or does it depend on when the first use of `id` was? Most options here are bad because we want to guarantee that `foo.rawId`===`foo.rawId` (is the same object each time, not just the same value) and similarly for `.id`. The simplest thing that preserves both values is, when the `ScopedCredential` is created, to store an `ArrayBuffer` for `rawId` and immediately base64url encode it into a DOMString for `id` and also store that. But it'd be even better to be able to remove either `rawId` or `id` to avoid storing the data twice. -- GitHub Notification of comment by jyasskin Please view or discuss this issue at https://github.com/w3c/webauthn/issues/412#issuecomment-295969440 using your GitHub account
Received on Thursday, 20 April 2017 23:38:45 UTC