Re: [webauthn] Clarify how the given origin in the ClientDataJSON matches to the expected one (#1889)

> RP's need to ensure that the origin included in clientData is an expected origin during verification.

Does it mean the rule should say "RP origin list must contain the clientData origin; values are compared using string equality."? And case-sensitivity would be different for web vs other types of origins, I presume.

-- 
GitHub Notification of comment by ndpar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1889#issuecomment-1581530940 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 7 June 2023 21:22:41 UTC