- From: Mike West via GitHub <sysbot+gh@w3.org>
- Date: Thu, 26 Oct 2017 09:27:24 +0000
- To: public-webauthn@w3.org
I agree with @clelland that adding an attribute to `iframe` is a bad idea. As I've mentioned a few times, I'm fine with weakening the language in the current credential management spec to allow for the possibility of returning credentials from frames. As I've also mentioned, I see that as more of a UX challenge than a technical one. I have no idea how Chrome would present a credential request from `B.com` inside `A.com`; it's different in kind from payment information, and it's not at all clear to me that the payment solution (mark the UI as though it was coming from the top-level origin) works for credentials. I'm willing to let that decision be made on a case-by-case basis, though I think it's important that vendors agree on what they're willing to allow. >From @AngeloKai's comments, it sounds like Microsoft thinks this is important. @jcjones, does Mozilla? @leshi / @battre: Does Google? -- GitHub Notification of comment by mikewest Please view or discuss this issue at https://github.com/w3c/webauthn/issues/374#issuecomment-339607044 using your GitHub account
Received on Thursday, 26 October 2017 09:27:25 UTC