W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2018

Re: [webauthn] Revise same-origin as ancestor requirements

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Wed, 18 Jul 2018 18:17:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-406026397-1531937853-sysbot+gh@w3.org>
Talking to Jeff, there are WebAppSec dependencies to get this to work securely.

While I think we all want this to work,  just removing the restriction in WebAutn is not sufficient to have it work securely.   

We should try to sort this out so that at least not block it working once the other parts come together.  That, however, may be difficult to capture in spec language. 

GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1001#issuecomment-406026397 using your GitHub account
Received on Wednesday, 18 July 2018 18:17:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:52 UTC