[webauthn] `rpID` origin relaxation? from Mike West via GitHub on 2017-02-13 (public-webauthn@w3.org from February 2017)

From: Mike West via GitHub <sysbot+gh@w3.org>
Date: Mon, 13 Feb 2017 09:44:25 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-207165258-1486979064-sysbot+gh@w3.org>

mikewest has just created a new issue for 
https://github.com/w3c/webauthn:

== `rpID` origin relaxation? ==
@annevk pointed out the algorithm in 
https://w3c.github.io/webauthn/#makeCredential which makes use of bits
 and pieces of `document.domain` that I would dearly love to remove 
from the platform. :)

It doesn't look like this (or the corresponding bits of 
`getAssertion()`) intend to change the document's origin, but it's not
 clear to me what impact they do have. Is the intent to support 
sharing auth tokens cross-origin? If so, could you help me understand 
why the origin model fails to support the use cases y'all have in 
mind?

Thanks!

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/338 using your GitHub account

Received on Monday, 13 February 2017 09:44:33 UTC