- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 19 Feb 2020 20:39:23 +0000
- To: public-webauthn@w3.org
On 2020-02-19 webauthn call: @sbweeden issues with cross-origin iframes: * dirk has reported that some pymts folk want only 1st party network connections * introduces complexity to RPs to host the PISPs iframes wrt 3d party credentials approach: * the pisp needs to be known to issuer at time of cred creation -- in contrast using RP ID mapping (eg facetID approach from uaf/u2f) provides late binding @nadalin * banks have expressed not having the user establish rel with issuer on behalf of PISP is too much friction (?) * this will be discussed again in public-webauthn-pay@ call in 2 weeks * requests leave this issue open and we see what happens @agl requests that we need detailed info on why cross-origin iframes are insufficient or onerous in web context @christiaanbrand requests input from the (web) payments folk here also @jcjones notes that if we add yet another so-called same-origin-policy violation/relaxation we're further stirring the architecture pot.... -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1372#issuecomment-588439393 using your GitHub account
Received on Wednesday, 19 February 2020 20:39:25 UTC