Re: [webauthn] Cross origin authentication without iframes (#1667)

> @stephenmcgruer - maybe I am being stupid but I can't think of a use case that is impossible if SPC simply required merchants to embed an RP iframe.
>
> I presume the issue with this is not the technical limitations?

Looking only at 3DS*, I would generally agree with that statement.

As per the presentation I gave in the WebAuthn WG two weeks ago, the main reasons are reducing friction, avoiding merchants having to embed resources from arbitrary banks, and the aforementioned reliability of issuer web-services. Stripe had a [great writeup on this](https://lists.w3.org/Archives/Public/public-webauthn-pay/2020Jan/0002.html) a long time ago, and I would welcome input from @jcemer if they wish to add more explanations, reasons, and/or data :).

* Outside of 3DS my payment method knowledge is much poorer; I cannot think of any existing flows that would require this, but they may exist and I would look to the Web Payments WG to help us figure that out.

-- 
GitHub Notification of comment by stephenmcgruer
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-915996759 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 9 September 2021 11:20:24 UTC