W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Note on "RP ID" is confusing

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Jun 2018 23:23:07 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-398927990-1529536986-sysbot+gh@w3.org>
@engedy  thanks for submitting this. 

after perusing the bug https://crbug.com/854557 and playing with http://www.intothesymmetry.com/ mentioned therein, it seems that the bug submitter's confusion stems from the **Note**'s phrase "A public key credential's scope" (below the [RP ID definition](https://w3c.github.io/webauthn/#rp-id)), yes?

The first sentence of the Note:
> A Public key credential's scope is for a Relying Party's origin, with the following restrictions and relaxations: 

..is attempting to say that "a public key credential's scope" is based on origin, but with the following alterations. 

Perhaps changing the Note's 2nd bullet item to read something like this:
> the host, _**i.e., the RP ID**_, may be equal to the Relying Party's origin's effective domain, or it may be equal to a registrable domain suffix of the Relying Party's origin's effective domain (i.e., an available relaxation), and,

..would that address this issue?

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/963#issuecomment-398927990 using your GitHub account
Received on Wednesday, 20 June 2018 23:23:09 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC