Re: [webauthn] Explain how Token Binding IDs get associated with an HTML context.

Well, it is not a change appropriate for 
[draft-ietf-tokbind-protocol](https://tools.ietf.org/html/draft-ietf-tokbind-protocol),
 since that spec does not delve into user agent implementation 
particulars (tho it does mention this use case in [section 
5](https://tools.ietf.org/html/draft-ietf-tokbind-protocol-13#section-5)
 2nd paragraph). We might also reference 
[draft-ietf-tokbind-https](https://tools.ietf.org/html/draft-ietf-tokbind-https),
 but it does not answer this user agent-specific question, so may not 
be appropriate for this spec to reference(?). 

In nosing around, it seems to me that, yes, we should perhaps add 
something to the HTML spec, and given that an [environment settings 
object](https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object)
 has an [HTTPS state 
value](https://fetch.spec.whatwg.org/#concept-https-state-value), 
perhaps we should propose adding an HTTPSProperties interface of which
 an attribute is the Token Binding ID (if any) for the underlying TLS 
connection?

 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/360#issuecomment-282614608 
using your GitHub account

Received on Monday, 27 February 2017 02:42:27 UTC