- From: Joel Biddle via GitHub <sysbot+gh@w3.org>
- Date: Wed, 29 Nov 2023 22:33:59 +0000
- To: public-webauthn@w3.org
@agl getOrCreate > > If I understand right, the potential tracking risk you mention goes as follow: > > user goes to weird-subdomain-just-for-him.tracker.xyz > > user registers with webAuthn > > each time user visits weird-subdomain-just-for-him.tracker.xyz, that person can be tracked > > WebAuthn calls can be made on subdomains within iframes, which would be a lot more effective. The mobile APIs don't allow for an "exists" call either, and they are generally much more trustin > getOrCreate is possible if there's enough demand, thanks. It would be similar to the model of federated sign-in. @agl this would be great thank you -- GitHub Notification of comment by ragnarbull Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1832807064 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 29 November 2023 22:34:01 UTC