Re: how to handle multiple domains

> The simple case is when all have a common root domain, example.com,
> and web applications are deployed at
> www.example.com, foo.example.com
> and bar.example.com.
>
> Is setting RP ID to example.com good enough? Any
> suggestions?

Yes, in that case you should set the RP ID to example.com.

> What about the not so simple case when there is no common root domain?

This is not supported by WebAuthn.

> Is there a reason why facets (or something similar) are not available
> for FIDO2/WebAuthn?

I personally don't know, but my guess is that the facet resolution logic
adds too much complexity for too little benefit. Perhaps someone else on
the list can elaborate on this decision.

/Emil

On 2019-04-23 19:05, Marius Scurtescu wrote:
> Trying to figure out how WebAuthn is supposed to work in an environment
> where there are multiple domains.
> 
> The simple case is when all have a common root domain, example.com,
> and web applications are deployed at www.example.com, foo.example.com
> and bar.example.com.
> 
> Is setting RP ID to example.com good enough? Any
> suggestions?
> 
> What about the not so simple case when there is no common root domain?
> 
> Is there a better mailing list to raise this issue?
> 
> Is there a reason why facets (or something similar) are not available
> for FIDO2/WebAuthn? See:
> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html
> https://groups.google.com/a/fidoalliance.org/forum/#!topic/fido-dev/zP7XTnEywB4
> 
> Thanks,
> Marius
> 

Received on Wednesday, 24 April 2019 10:59:45 UTC
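
Added example, not part of the original thread and not code from the WebAuthn specification: a simplified JavaScript model of the scoping rule behind both answers above, where an RP ID must equal the origin's host or be a registrable domain suffix of it. The function names and the three-entry `PUBLIC_SUFFIXES` set are assumptions made for illustration; browsers use the full Public Suffix List.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, not the real list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// IPv4 literals and bracketed IPv6 literals have no registrable domain suffix.
function isIpHost(host) {
  return /^\d+(\.\d+){3}$/.test(host) || host.startsWith("[");
}

// True when rpId equals the origin's host or is a registrable domain suffix of it.
// Simplification: only https origins are accepted here.
function rpIdAllowedForOrigin(origin, rpId) {
  const url = new URL(origin);
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase();
  const id = rpId.toLowerCase();
  if (id === "") return false;
  if (host === id) return true;                 // exact match is always in scope
  if (isIpHost(host)) return false;             // an IP host can only match exactly
  if (PUBLIC_SUFFIXES.has(id)) return false;    // "com" must never be an RP ID
  return host.endsWith("." + id);               // label-aligned suffix match
}

// Widest RP ID usable by every origin in the list, or null when none exists
// (the "no common root domain" case from the thread).
function commonRpId(origins) {
  if (origins.length === 0) return null;
  const labels = origins.map(
    (o) => new URL(o).hostname.toLowerCase().split(".").reverse()
  );
  const shared = [];
  for (let i = 0; labels.every((l) => i < l.length && l[i] === labels[0][i]); i++) {
    shared.push(labels[0][i]);
  }
  const candidate = shared.reverse().join(".");
  if (candidate === "") return null;
  return origins.every((o) => rpIdAllowedForOrigin(o, candidate)) ? candidate : null;
}

// Constructed sample deployments matching the two cases in the thread.
const sameRoot = ["https://www.example.com", "https://foo.example.com", "https://bar.example.com"];
const noRoot = ["https://www.example.com", "https://www.example.org"];
console.log(commonRpId(sameRoot)); // shared RP ID for the simple case
console.log(commonRpId(noRoot));   // no shared RP ID exists
```

A credential registered with the shared RP ID is usable from every subdomain under it, so each of those hosts sits inside the same credential scope and has to be trusted accordingly.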