- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Tue, 17 Nov 2020 14:15:22 +0000
- To: public-webauthn@w3.org
Sorry, I'm not sure how to parse that syntax. Do you mean this... >(iframes of `foo.com` [...] using the `foo.com` blob) can track users across sites or this? >(iframes of `foo.com` embedded on (different sites using the `foo.com` blob)) can track users across sites If the former, then yes - if the iframe can successfully authenticate a user with a WebAuthn credential (which requires an active user gesture) then the iframe can of course identify the user. But I fail to see what that has to do with the blob. If the latter, it's not supposed to be possible for different sites to exercise each other's credentials in a compliant browser. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1518#issuecomment-728956004 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 17 November 2020 14:15:24 UTC