Re: [webauthn] Cross origin authentication without iframes (accommodating SPC in WebAuthn) (#1667)

Thanks Akshay, I appreciate your input. I'll keep y'all updated as to which way the WPWG resolves, and we can then take it down whichever venue is appropriate.

> Conditional UX is a optional enhancement. You are only thinking about platform credentials for conditional UX. Any solution has to work with all kind of authenticators. Conditional UX has unsolved complications for security keys. Potentially unsolvable if we consider roamability nature of security keys and untrusted platform. In that case, we may have to fallback on RP making a explicit call with specific intent.

FWIW, we have considered this a little. My thinking is a flow [like this](https://raw.githubusercontent.com/w3c/secure-payment-confirmation/main/sequence-diagrams/SPC%20Authentication%20-%20Conditional%20UX%20(Same-Origin).png), but I acknowledge its not the smoothest experience.

-- 
GitHub Notification of comment by stephenmcgruer
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-994811520 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 15 December 2021 13:52:26 UTC