- From: J.C. Jones <noreply@github.com>
- Date: Wed, 30 Oct 2019 12:53:25 -0700
- To: public-webauthn@w3.org
Branch: refs/heads/master
Home: https://github.com/w3c/webauthn
Commit: dbcf596676749e996cf02dfb2afc0685e7861c0f
https://github.com/w3c/webauthn/commit/dbcf596676749e996cf02dfb2afc0685e7861c0f
Author: J.C. Jones <jc@mozilla.com>
Date: 2019-10-30 (Wed, 30 Oct 2019)
Changed paths:
M index.bs
Log Message:
-----------
Fix #1285 - Remove icons from PublicKeyCredentialEntity

As discussed in issue #1285, the image URL fields for PublicKeyCredentialEntity,
while intended for user interface design, are potent correlation mechanisms if
they are downloaded by RPs. RPs would have to take extraordinary care, beyond
reasonable measures, to avoid uses by RPs with mal-intent to cross-correlate
accounts. It is better for User Agents to use existing origin/icon mechanisms for
their UX designs, or to define new such mechanisms as needed, that are
origin-wide rather than provide the possibility to embed detailed tracking
information into these URLs.
Commit: 28e8d9d1e5e69470e052b2dcc427a6fa4c50efa9
https://github.com/w3c/webauthn/commit/28e8d9d1e5e69470e052b2dcc427a6fa4c50efa9
Author: J.C. Jones <jc@mozilla.com>
Date: 2019-10-30 (Wed, 30 Oct 2019)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #1337 from jcjones/1285-image_deprecation

Fix #1285 - Remove icons from PublicKeyCredentialEntity
Compare: https://github.com/w3c/webauthn/compare/03f840658c76...28e8d9d1e5e6
Received on Wednesday, 30 October 2019 19:53:28 UTC