( this issue is/was ostensibly about using webauthn in cross-origin iframes, perhaps a new issue ought to be opened for the "SPC bit" discussion. ) WRT @emlun and @ve7jtb's [above proposal](https://github.com/w3c/webauthn/issues/1667#issuecomment-957887836), while I'm sympathetic with the goal of finding a clean way to denote webauthn/fido creds as being "enabled"/"authorized" for use in payments contexts, the primary issue I see with this particular approach is that the [RP ID is defined](https://w3c.github.io/webauthn/#rp-id) as a [valid domain string](https://url.spec.whatwg.org/#valid-domain-string), not a URL (or [serialized origin](https://html.spec.whatwg.org/multipage/origin.html#ascii-serialisation-of-an-origin)). Setting them to the latter may be problematic. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-958444131 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Tuesday, 2 November 2021 23:48:32 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC