Re: [webauthn] Cross origin authentication without iframes (#1667)

This is a great discussion.

I'd like to just ensure we're clear on the set of use-cases that a Relying Party (Bank/Account Provider/Issuer) may want to use a credential for.

If we consider banking, they would still want to use this specific credential to
* Log in to Digital banking (with discoverable credentials)
* Confirm a Payment in the RP's 1p domain (OIDC redirect such as Open Banking redirect) in top level domain
* Confirm a Payment in the RP's 1p domain (OIDC redirect such as Open Banking redirect) in 3rd Party iFrame

Whatever solution we consider to enable this to be called from another domain should not remove/prevent those use-cases.

Limiting the SPC credential to only work cross domain or only allow payments would not be desirable, since it would severely limit its usability. For example, in 3D Secure, the cross domain SPC capability will be used by advanced merchants, while most other merchants will still just redirect to the RP to challenge and confirm the payment. And here we will then want the RP to be able to enable payments.

-- 
GitHub Notification of comment by Goosth
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-975171376 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 22 November 2021 06:27:22 UTC