I like this namespace pattern. We have something similar for CTAP in OpenSSH where RPID is being set as `ssh:<>`. It also allows existing authenticators to not change as well as still gives us flexibility on what we want to allow in cross-origins. In addition to above namespace proposal, we can say that only SPC API can invoke cross-origin authentication request outside of iframes and user agent will prefix `spc:` automatically to the RPID being passed along. And in non-spc scenario, cross-origin authentication without iframes is not allowed. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-959612136 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Wednesday, 3 November 2021 16:17:17 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC