Re: [webauthn] Add topOrigin to clientData for cross-origin GET in iframe (#1842) from Tim Cappalli via GitHub on 2023-04-20 (public-webauthn@w3.org from April 2023)

From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 Apr 2023 17:09:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1516674132-1682010596-sysbot+gh@w3.org>

> Add text saying clients should show both the RP ID and top origin to the user during getAssertion

@agl @akshayku any suggestions on where this should go? 

Under section 13, there's "Visibility Considerations for Embedded Usage", but the current text is targeted at RPs.
Section 14.5 is about privacy considerations for clients, so maybe this is the best spot?

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1842#issuecomment-1516674132 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 20 April 2023 17:09:59 UTC