- From: Jordan Sexton via GitHub <sysbot+gh@w3.org>
- Date: Thu, 24 Aug 2023 16:56:52 +0000
- To: public-webauthn@w3.org
This might be the wrong place to chime in, I'm sorry if so. A potential value I've been thinking about for being able to create and get credentials from a worker context is that potentially malicious scripts or browser extension content scripts may have access to the window. Such scripts could either trigger a request to get credentials, which may have associated secrets using `prf` or `largeBlob`, or they may be able to intercept these calls or read these values or other information about the credential like the `userHandle`. I may be thinking about this wrong, but being able to make these calls from a worker could be beneficial if such scripts have less access. -- GitHub Notification of comment by jordansexton Please view or discuss this issue at https://github.com/w3c/webauthn/issues/199#issuecomment-1692079234 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 24 August 2023 16:56:55 UTC