Re: [webauthn] Device-bound key extension (#1658)

@timcappalli & @akshayku 
> there may be situations in the future where it is important to differentiate between `app` and `browser` and even additional contexts like `wallet`.

Yes, I suspected such thoughts were lurking about --- I begged the question so we could explicitly discuss them, rather than have it be a fait accompli. 

We already note that the scope is either entire-device "...or a loosely-defined, smaller scope called 'app'."

I wonder whether having more fine-grained distinctions than "entire-device" vs "app" will actually be useful in the long run, given that some question the usefulness of the per-"app" notion.

But if we do decide to allow for such "flexibility in the future", I'd define scope as single-byte `uint`:
```cddl
  ; Whether this key is scoped to the entire device, or a loosely-defined,
  ; smaller scope called "app". [ ... ]

  scp: uint .size 1,  ; a value of '0' means "entire device" ("all apps") scope.
                      ; '1' means per-"app" scope.
```
Note: the above incorporates @emlun's suggestion of using "scp" as a contraction for "scope". Also, there's probably a way in CDDL to both explicitly constrain `scp` to a single byte and enumerate its presently-allowed values, but its being defined within the `AttObjForDevicePublicKey` group may constrain that (CDDL-syntax-wise)?

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1658#issuecomment-897438815 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 12 August 2021 08:14:25 UTC
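The comment above asks how the `scp` field would be constrained in CDDL and decoded on the wire. The following is an added example, not code from the webauthn spec, this thread, or any implementation. It assumes the proposal is tightened to the CDDL `scp: 0 / 1` (equivalently `&(entire_device: 0, app: 1)`, both of which already lie within `uint .size 1`), and it shows what a relying party actually has to check when it receives the value inside a CBOR map: that the head is canonically (shortest-form) encoded, that the integer fits in one byte, and that it is one of the enumerated values. The CBOR encoder/decoder is a deliberately minimal one written for this example (unsigned ints and text-keyed maps only), not a library API.

```python
"""Constructed example: encode and validate a CBOR map carrying the proposed `scp` field.

Assumed CDDL (not the thread's exact text):
    scp: 0 / 1          ; 0 = entire device ("all apps"), 1 = per-"app"
which is a subset of the thread's `uint .size 1`.
"""

SCP_ENTIRE_DEVICE = 0
SCP_APP = 1
ALLOWED_SCP = {SCP_ENTIRE_DEVICE, SCP_APP}


def _encode_head(major, value):
    """CBOR head for `value`, using the shortest form (RFC 8949 preferred encoding)."""
    if value < 24:
        return bytes([(major << 5) | value])
    for ai, nbytes in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if value < 1 << (8 * nbytes):
            return bytes([(major << 5) | ai]) + value.to_bytes(nbytes, "big")
    raise ValueError("value too large for CBOR uint")


def encode_map_uint(entries):
    """Encode {text key: uint} as a CBOR map; keys sorted length-first, then bytewise
    (the CTAP2 canonical CBOR rule used by WebAuthn authenticator data)."""
    out = _encode_head(5, len(entries))
    for key in sorted(entries, key=lambda k: (len(k.encode()), k.encode())):
        kb = key.encode()
        out += _encode_head(3, len(kb)) + kb
        out += _encode_head(0, entries[key])
    return out


def _decode_head(buf, pos):
    """Return (major, value, next_pos, is_minimal); is_minimal is False for heads
    such as 0x18 0x00, which encode 0 in two bytes instead of one."""
    ib = buf[pos]
    major, ai = ib >> 5, ib & 0x1F
    pos += 1
    if ai < 24:
        return major, ai, pos, True
    if ai > 27:
        raise ValueError("unsupported additional info %d" % ai)
    n = 1 << (ai - 24)
    if len(buf) - pos < n:
        raise ValueError("truncated head")
    value = int.from_bytes(buf[pos:pos + n], "big")
    # Smallest value that genuinely needs an n-byte argument: 24, 2**8, 2**16, 2**32.
    limit = 24 if n == 1 else 1 << (8 * (n // 2))
    return major, value, pos + n, value >= limit


def decode_map_uint(buf):
    """Decode a canonically encoded {text key: uint} map; reject anything else."""
    major, count, pos, minimal = _decode_head(buf, 0)
    if major != 5 or not minimal:
        raise ValueError("expected canonically encoded map")
    result = {}
    for _ in range(count):
        major, klen, pos, minimal = _decode_head(buf, pos)
        if major != 3 or not minimal:
            raise ValueError("expected canonical text-string key")
        key = buf[pos:pos + klen].decode("utf-8")
        pos += klen
        major, val, pos, minimal = _decode_head(buf, pos)
        if major != 0 or not minimal:
            raise ValueError("expected canonically encoded uint for %r" % key)
        if key in result:
            raise ValueError("duplicate key %r" % key)
        result[key] = val
    if pos != len(buf):
        raise ValueError("trailing bytes after map")
    return result


def validate_scp(buf):
    """Return the scp value if it satisfies the assumed CDDL; raise ValueError otherwise."""
    m = decode_map_uint(buf)
    if "scp" not in m:
        raise ValueError("scp missing")
    v = m["scp"]
    if v > 0xFF:                      # the thread's `uint .size 1` bound
        raise ValueError("scp %d exceeds uint .size 1" % v)
    if v not in ALLOWED_SCP:          # the enumeration `0 / 1`
        raise ValueError("scp %d is not an allowed scope" % v)
    return v


if __name__ == "__main__":
    wire = encode_map_uint({"scp": SCP_APP})
    print(wire.hex(), validate_scp(wire))
```

The enumeration check and the size check are kept separate on purpose: `uint .size 1` alone would accept a value such as 2 or 255 that no current scope defines, so a verifier that only enforces the thread's current CDDL accepts values it cannot interpret. The canonical-encoding check matters for the same reason it does elsewhere in WebAuthn: two byte strings that decode to the same `scp` must not both be accepted when the encoded bytes are covered by a signature.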