W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Note on "RP ID" is confusing

From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
Date: Mon, 25 Jun 2018 18:02:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-400042099-1529949740-sysbot+gh@w3.org>
That note confuses me as well. :)

Can we make its points more directly as follows:

Note that an RP ID is a domain string only, and does not mention a scheme or port number as an origin does. The RP ID of a PublicKeyCredential sets it scope, i.e. it determines the origins on which it may be exercised as follows:

 - The RP ID must be equal to the origin's effective domain, or a registrable suffix of the origin's effective domain.

 - The origin's scheme must be 'https'.

 - The origin's port number is unrestricted.

This is done in order ...

(+1 for adding examples as engedy@ suggests.)

wdyt?

-- 
GitHub Notification of comment by arnar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/963#issuecomment-400042099 using your GitHub account
Received on Monday, 25 June 2018 18:02:22 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC