W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2021

Re: [webauthn] Cross origin authentication without iframes (accommodating SPC in WebAuthn) (#1667)

From: Stephen McGruer via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Dec 2021 13:52:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-994811520-1639576343-sysbot+gh@w3.org>
Thanks Akshay, I appreciate your input. I'll keep y'all updated as to which way the WPWG resolves, and we can then take it down whichever venue is appropriate.

> Conditional UX is a optional enhancement. You are only thinking about platform credentials for conditional UX. Any solution has to work with all kind of authenticators. Conditional UX has unsolved complications for security keys. Potentially unsolvable if we consider roamability nature of security keys and untrusted platform. In that case, we may have to fallback on RP making a explicit call with specific intent.

FWIW, we have considered this a little. My thinking is a flow [like this](https://raw.githubusercontent.com/w3c/secure-payment-confirmation/main/sequence-diagrams/SPC%20Authentication%20-%20Conditional%20UX%20(Same-Origin).png), but I acknowledge its not the smoothest experience.

-- 
GitHub Notification of comment by stephenmcgruer
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-994811520 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 15 December 2021 13:52:26 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC