Re: [webauthn] Consider allowing cross-domain credential use (#1372)

> > Alternatives in this field require browser redirects or iframes that access both a.com (for authentication) and then perform federated SSO to b.com. This is an undesirable user experience in many cases.
> 
> I'm curious in what cases would the iframe UX be undesirable or insufficient.

There are enterprise examples where network partitioning makes only b.com (and not a.com) accessible from the browser at a particular point in time.

There are consumer examples where b.com does not want to expose redirects to a.com all the way back to the browser - b.com wants to control the UX at all times. This latter example is similar to the requirement Dirk discussed regarding payments processing at a PSP (not wanting any redirect to the customer's bank). 

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1372#issuecomment-584948893 using your GitHub account

Received on Wednesday, 12 February 2020 00:43:19 UTC