W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2017

[webauthn] `rpID` origin relaxation?

From: Mike West via GitHub <sysbot+gh@w3.org>
Date: Mon, 13 Feb 2017 09:44:25 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-207165258-1486979064-sysbot+gh@w3.org>
mikewest has just created a new issue for 
https://github.com/w3c/webauthn:

== `rpID` origin relaxation? ==
@annevk pointed out the algorithm in 
https://w3c.github.io/webauthn/#makeCredential which makes use of bits
 and pieces of `document.domain` that I would dearly love to remove 
from the platform. :)

It doesn't look like this (or the corresponding bits of 
`getAssertion()`) intend to change the document's origin, but it's not
 clear to me what impact they do have. Is the intent to support 
sharing auth tokens cross-origin? If so, could you help me understand 
why the origin model fails to support the use cases y'all have in 
mind?

Thanks!

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/338 using your GitHub account
Received on Monday, 13 February 2017 09:44:33 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:19 UTC