While we don't have a final decision from the Mozilla-side, @agl's arguments are persuasive about the UA's inability to codify our intent here. The threat modelling exercise for this led to #1336, which I feel is a more important concern to nail down than the concept of visibility for cross-origin frames. I also think user interaction is potentially more important than visibility (#1293). I will see if I can gather the necessary feedback internally to close this issue in the next ~week. -- GitHub Notification of comment by jcjones Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1303#issuecomment-572251369 using your GitHub accountReceived on Wednesday, 8 January 2020 20:51:29 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:37 UTC