
Re: [webauthn] Define meaning of "Scope"

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 22 Jun 2018 23:10:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-399606982-1529709035-sysbot+gh@w3.org>

good question, hope this helps:

scope (noun): extent or range of view, outlook, application, operation, effectiveness, etc.  See also: https://en.wikipedia.org/wiki/Scope_(computer_science)

From https://w3c.github.io/webauthn/#relying-party-identifier:
Note: A Public key credential's scope is for a Relying Party's [origin](https://w3c.github.io/html/browsers.html#concept-cross-origin), with the following _restrictions_ and _relaxations_:

- The scheme is always https (i.e., a _restriction_), and,
- the host may be equal to the Relying Party's origin's [effective domain](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-effective-domain), or it may be [equal to a registrable domain suffix](https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to) of the Relying Party's origin's effective domain (i.e., an available _relaxation_), and,
- all (TCP) ports on that host (i.e., a _relaxation_).

This is done in order to match the behavior of pervasively deployed ambient credentials (e.g., cookies, [RFC6265]). Please note that this is a greater relaxation of "same-origin" restrictions than what document.domain's setter provides.

I added "scope" to our terms to define list here: https://github.com/w3c/webauthn/issues/462#issuecomment-399606355

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/964#issuecomment-399606982 using your GitHub account
Received on Friday, 22 June 2018 23:10:39 UTC
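
The scoping rule quoted in the message above, as an added example that is not part of the original message or of the WebAuthn specification: a check of whether a claimed RP ID is in scope for a caller's origin. The function names are hypothetical, and `PUBLIC_SUFFIXES` is a small constructed stand-in for the Public Suffix List, which a real implementation must consult in full.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, not the real list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk"]);

// IPv4 literals and bracketed IPv6 literals are hosts but not domains.
function isIpHost(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// Simplified form of HTML's "is a registrable domain suffix of or is equal to".
function isRegistrableSuffixOrEqual(candidate, host) {
  if (candidate === "") return false;
  if (candidate === host) return true;                // equal to the effective domain
  if (isIpHost(host) || isIpHost(candidate)) return false; // IPs match by equality only
  if (!host.endsWith("." + candidate)) return false;  // must align on a label boundary
  if (PUBLIC_SUFFIXES.has(candidate)) return false;   // a bare public suffix is not registrable
  return true;
}

// Returns true when a credential scoped to rpId may be used from origin.
function credentialInScope(rpId, origin) {
  let url;
  try {
    url = new URL(origin);
  } catch (e) {
    return false;                                     // unparsable origin: out of scope
  }
  if (url.protocol !== "https:") return false;        // restriction: scheme is always https
  // url.hostname carries no port, so every port on the host is in scope (relaxation).
  return isRegistrableSuffixOrEqual(rpId.toLowerCase(), url.hostname);
}

// Constructed sample inputs.
const samples = [
  ["example.com", "https://login.example.com:8443/path"],
  ["example.com", "http://login.example.com"],
  ["com", "https://login.example.com"],
  ["ample.com", "https://login.example.com"],
];
for (const [rpId, origin] of samples) {
  console.log(rpId, origin, credentialInScope(rpId, origin));
}
```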
