- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Mon, 08 May 2023 06:16:07 +0000
- To: public-webauthn@w3.org
Kieun has just created a new issue for https://github.com/w3c/webauthn: == Clarify how the given origin in the ClientDataJSON matches to the expected one == ## Proposed Change In the spec, there are multiple occurrence around origin matching. For example, in section [7.1. Registering a New Credential](https://w3c.github.io/webauthn/#sctn-registering-a-new-credential), there is a following step. > 9. Verify that the value of C.[origin](https://w3c.github.io/webauthn/#dom-collectedclientdata-origin) matches the [Relying Party](https://w3c.github.io/webauthn/#relying-party)'s [origin](https://html.spec.whatwg.org/multipage/origin.html#concept-origin). Some of implementations in OSS just maintain list of acceptable origins and simply compares the given origin with the list by simply text equality. It would be better to explain or add text about the matching logic in more detail. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1889 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 8 May 2023 06:16:09 UTC