That note confuses me as well. :) Can we make its points more directly as follows: Note that an RP ID is a domain string only, and does not mention a scheme or port number as an origin does. The RP ID of a PublicKeyCredential sets it scope, i.e. it determines the origins on which it may be exercised as follows: - The RP ID must be equal to the origin's effective domain, or a registrable suffix of the origin's effective domain. - The origin's scheme must be 'https'. - The origin's port number is unrestricted. This is done in order ... (+1 for adding examples as engedy@ suggests.) wdyt? -- GitHub Notification of comment by arnar Please view or discuss this issue at https://github.com/w3c/webauthn/issues/963#issuecomment-400042099 using your GitHub accountReceived on Monday, 25 June 2018 18:02:22 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC