Re: [webauthn] privacy implications of cross-origin iframe (#2321) from Tim Cappalli via GitHub on 2025-08-14 (public-webauthn@w3.org from August 2025)

From: Tim Cappalli via GitHub <noreply@w3.org>
Date: Thu, 14 Aug 2025 17:54:48 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3189381745-1755194086-noreply@w3.org>

> Is this intended to support signing in to one relying party when that party is embedded on a different site? 

Yes, the primary use case is a payment service provider embedded in a merchant checkout flow.

> In what way are passkeys partitioned when accessed by a cross-origin embedded iframe?

There is no concept of partitioning in WebAuthn, as there is nothing to partition.



-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2321#issuecomment-3189381745 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 14 August 2025 17:54:49 UTC