- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Aug 2021 20:13:28 +0000
- To: public-webauthn@w3.org
I don't think any multi-party transaction has been proposed here. The proposal is not to allow site A (merchant) to register credentials on behalf of site B (payment provider), rather that site A may embed site B in an iframe, in which site B may register credentials for site B. Communication between the user and site B will be direct and not pass through site A on the way (i.e., public keys and identifiers will not be exposed to site A), and site B is in full control of the registration ceremony just like it would be with a full page redirect. (I don't have a strong opinion either in favor or against, just trying to clear up what looks to me like a misconception.) -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1656#issuecomment-892942944 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 4 August 2021 20:13:30 UTC