Re: [webauthn] Cross-origin credential creation in iframes (#1656)

Just to reiterate on the initial ask, Stripe is a PSP that participates in Web Payment WG and we found that enrolling credentials from a cross origin iframe is useful for payments use case. 

There are different situations where a payment is performed in a cross domain iframe most commonly while performing 3DS 2 authentication. The 3DS authentication is traditionally performed using SMS OTP, previous transactions recognition or a password. From an issuer perspective, the card is initially enrolled to be authenticated no matter the user device. Allowing WebAuthn credential enrollment in a cross domain iframe allows issuers (and even PSPes) to enroll cardholder credentials right after a successful traditional 3DS authentication without relying in popups or redirecting the user to the bank website.

-- 
GitHub Notification of comment by jcemer-stripe
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1656#issuecomment-890819845 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 2 August 2021 08:13:46 UTC