Re: [webauthn] CollectedClientData fields are not ordered correctly and crossOrigin should be required (#2101) from Emil Lundberg via GitHub on 2024-08-07 (public-webauthn@w3.org from August 2024)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 07 Aug 2024 14:17:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2273589553-1723040257-sysbot+gh@w3.org>

I agree it makes sense for `crossOrigin` to be defined before `topOrigin`. Fixed in PR #2114.

> Regardless, serialization and [the limited verification algorithm](https://www.w3.org/TR/webauthn-3/#clientdatajson-verification) require `crossOrigin` to exist; so shouldn't the IDL be updated to reflect that?

It doesn't appear to be explicitly documented (#1276), but as hinted in #1631, I'm quite sure it's not `required` because RPs cannot rely on it being present in case the client is an L1 implementation.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2101#issuecomment-2273589553 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 7 August 2024 14:17:40 UTC