W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2019

Re: [webauthn] Refer to IntersectionObserver from the Security Considerations (#1105)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Nov 2019 20:07:07 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-553579378-1573675625-sysbot+gh@w3.org>
I thought it was at TPAC, but I could be mistaken.

I've no doubts as to the capabilities of IOv2 of notifying us of the conditions of the iframe, but someone - @agl maybe? - asked the question of how many pixels in area we needed an iframe to present on screen to permit WebAuthn. Could they be all white on a white background? Is there a limit to the aspect ratio?

I believe Ricky from Apple (I don't know their Github nick) then asked about the iframe being large enough to permit the user to interact with it, and thus trigger WebAuthn that way. (Which is, to note, one possible answer to issue #1293, but per the lessons WebPush in #1336, Firefox is also speculating as to requiring that the user have interacted with the content at all.)

IOv2 gives us the power to make decisions here, but I haven't a real notion of how to answer these raised questions, which leads me to question the utility of IOv2 for WebAuthn's use case at all, simply because what's good enough?

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1105#issuecomment-553579378 using your GitHub account
Received on Wednesday, 13 November 2019 20:07:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:08 UTC