- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Sat, 31 Jul 2021 00:23:28 +0000
- To: public-webauthn@w3.org
> QR codes are the simplest, easiest way to solve this problem From the perspective of the _Web_ Authentication group, a solution that assumes that RPs have to have a native app shouldn't be satisfying. And, if we're building an authentication scheme, having a big chunk where RPs are expected to build their own solution feels like a gap. > Consumer displays QR code on phone to desktop Desktops with cameras are far from ubiquitous. Rather I expect the QR would be shown on the desktop and scanned with a phone. But WebAuthn can do better than QR scanning with a native app. WebAuthn to a phone requires proximity (usually via BLE) and so sites that try proxying a QR image won't work. > To unnecessarily complicate the FIDO ecosystem Above, John asked whether this issue was just about allowing create() in iframes. It is, but the question suggests that it wasn't sufficiently clear. While the implications of enabling creation in iframes should be considered, the actual change is tiny. WebAuthn already supports assertions from iframes so this is just changing the ancestor requirement on create(). -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1656#issuecomment-890263401 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 31 July 2021 00:23:30 UTC