W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2021

Re: [webauthn] Cross origin authentication without iframes (#1667)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Nov 2021 16:17:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-959612136-1635956233-sysbot+gh@w3.org>
I like this namespace pattern. We have something similar for CTAP in OpenSSH where RPID is being set as `ssh:<>`.  It also allows existing authenticators to not change as well as still gives us flexibility on what we want to allow in cross-origins. 

In addition to above namespace proposal, we can say that only SPC API can invoke cross-origin authentication request outside of iframes and user agent will prefix `spc:` automatically to the RPID being passed along. And in non-spc scenario, cross-origin authentication without iframes is not allowed.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-959612136 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 3 November 2021 16:17:17 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC