Re: [webauthn] Device-bound key extension (#1658)

> > "scope" has expected meaning and semantics in a JWT context from usage as OAuth Access tokens.
> 
> Sure, and that's particular to OAuth Access tokens.
> 
> That does not mean some other object, such as a `devicePubKey` extension output, cannot declare it's own scope using that term.

Broadly, people talking about the spelling of that term in another related context with a completely different meaning is a bit of a flag that it might be the wrong term. That doesn't mean it might be the most descriptive English word to describe app vs device and therefore be appropriate to use despite potential confusion. So far I don't understand the purpose of that feature, so I can't contribute to that discussion.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1658#issuecomment-897492101 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 12 August 2021 09:35:46 UTC