[webauthn] rpID seems to have changed meaning a bit from Alexei Czeskis via GitHub on 2017-04-20 (public-webauthn@w3.org from April 2017)

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 Apr 2017 23:57:10 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-223235502-1492732628-sysbot+gh@w3.org>

leshi has just created a new issue for https://github.com/w3c/webauthn:

== rpID seems to have changed meaning a bit ==
Previously, the rpID was an optional field that you only overwrite if you want to change the security semantics of how the credential was bound.

However, the rpID has now moved into the `ScopedCredentialEntity` structure:
```
dictionary ScopedCredentialEntity {
    DOMString id;
    DOMString name;
    USVString icon;
};
```

But the general meaning of this structure is "display information for the authenticator account chooser".  It feels like the move resulted in a semantic change from "security knob" to "metadata".

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/416 using your GitHub account

Received on Thursday, 20 April 2017 23:57:17 UTC