Re: [webauthn] Cross origin authentication without iframes (#1667) from Anders Rundgren via GitHub on 2021-09-01 (public-webauthn@w3.org from September 2021)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Wed, 01 Sep 2021 11:38:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-910201197-1630496309-sysbot+gh@w3.org>

@emlun Wrote:
> 1. Merchant somehow asks user for some user ID and for which bank it is. Maybe a credit card number, or a user ID and domain stored in a browser wallet, etc.

This is where the troubles begin.   Merchants asking for something related to the user versus having that in a browser wallet is a _watershed issue_ because the latter does in a _proper_ design (e.g. **Apple Pay**), eliminate the need sharing PII like user Ids or card numbers with merchants.

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-910201197 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 1 September 2021 11:38:32 UTC