W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2019

Re: how to handle multiple domains

From: David Waite <dwaite@pingidentity.com>
Date: Wed, 24 Apr 2019 05:18:56 -0600
Message-ID: <CA+3kW=bGEEvf8jyFQaaonwrQyak4E62wT-2UXW+S9VdmVCCx0A@mail.gmail.com>
To: Emil Lundberg <emil@yubico.com>
Cc: public-webauthn@w3.org
On Wed, Apr 24, 2019 at 5:00 AM Emil Lundberg <emil@yubico.com> wrote:

> > Is there a reason why facets (or something similar) are not available
> > for FIDO2/WebAuthn?
>
> I personally don't know, but my guess is that the facet resolution logic
> adds too much complexity for too little benefit. Perhaps someone else on
> the list can elaborate on this decision.
>

I suspect that there were also identified privacy impacts, as I could set a
facet to be quite far-reaching.

To support multiple domain roots, you probably should use federation and
SSO.

My money is on a form of facets eventually coming back for non-web usage in
a very limited form, not to support multiple domains but to support direct
native app usage when associated with a domain (e.g iOS Universal Links,
Android App Links )

-DW

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
Received on Wednesday, 24 April 2019 11:19:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:04 UTC