Re: [webauthn] Cross origin authentication without iframes (#1667) from Akshay Kumar via GitHub on 2021-11-03 (public-webauthn@w3.org from November 2021)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Nov 2021 16:17:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-959612136-1635956233-sysbot+gh@w3.org>

I like this namespace pattern. We have something similar for CTAP in OpenSSH where RPID is being set as `ssh:<>`.  It also allows existing authenticators to not change as well as still gives us flexibility on what we want to allow in cross-origins. 

In addition to above namespace proposal, we can say that only SPC API can invoke cross-origin authentication request outside of iframes and user agent will prefix `spc:` automatically to the RPID being passed along. And in non-spc scenario, cross-origin authentication without iframes is not allowed.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-959612136 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 3 November 2021 16:17:17 UTC