- From: J.C. Jones via GitHub <sysbot+gh@w3.org>
- Date: Wed, 12 Feb 2020 20:31:03 +0000
- To: public-webauthn@w3.org
Putting another hole in the same-origin policy with a new facet-like mechanism isn't necessary for the consumer example; our permissions issue in #1336 aside, the iframe mechanisms are or will be sufficient to avoid redirects, even though they aren't in Level 1. The enterprise example is rather unconvincing; I've certainly worked in such environments before, but I don't see why WebAuthn should have to adopt significant security and protocol complexity to facilitate a legacy authentication design. The goals of WebAuthn never included needing to tie cleanly into multi-domain LDAP/AD sync systems, and shouldn't: It's plenty complex as it is.

--
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1372#issuecomment-585403531 using your GitHub account
Received on Wednesday, 12 February 2020 20:31:15 UTC