Re: [webauthn] Cross origin authentication without iframes (#1667)

@emlun Wrote:
> 1. Merchant somehow asks user for some user ID and for which bank it is. Maybe a credit card number, or a user ID and domain stored in a browser wallet, etc.

This is where the troubles begin.   Merchants asking for something related to the user versus having that in a browser wallet is a _watershed issue_ because the latter does in a _proper_ design (e.g. **Apple Pay**), eliminate the need sharing PII like user Ids or card numbers with merchants.

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-910201197 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 1 September 2021 11:38:32 UTC