W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2019

how to handle multiple domains

From: Marius Scurtescu <marius.scurtescu@coinbase.com>
Date: Tue, 23 Apr 2019 10:05:11 -0700
Message-ID: <CABpvcNvFLS05uEJYT1=5AxEZxCGh0Ver96_fG5EuByKnV6g3aQ@mail.gmail.com>
To: public-webauthn@w3.org
Trying to figure how is WebAuthn supposed to work in an environment where
there are multiple domains.

The simple case is when all have a common root domain, example.com, and web
applications are deployed at www.example.com. foo.example.com and
bar.example.com.

Is setting RPDI to example.com good enough? Any suggestions?

What about the not so simple case when there is no common root domain?

Is there a better mailing list to raise this issue?

Is there a reason why facets (or something similar) are not available for
FIDO2/WebAuthn? See:
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html
https://groups.google.com/a/fidoalliance.org/forum/#!topic/fido-dev/zP7XTnEywB4

Thanks,
Marius
Received on Wednesday, 24 April 2019 10:45:34 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:37 UTC