New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add permissions policy support for webauthn #136
Comments
On whether to have credential-type-specific controls (i.e. allowing “webauthn”) or more general controls (i.e. allowing “credman”): I think I would favour credential-type-specific controls. Otherwise, if other credentials types were added in the future with different security considerations then there would be friction because of the potential set of sites that have delegated “credman” powers to iframes, but without having considered whatever new concerns that might arise with future credential types. |
This comment has been minimized.
This comment has been minimized.
Actually, upon further review, nominal changes to Credman in specific support of WebAuthn-cum-Credman's present dependency upon permissions policy are warranted, so am re-opening this issue. Note that there are also further presently undecided questions regarding permissions policy and Credman, see issue #135. Details: As noted in WebAuthn for both of PublicKeyCredential’s
And also noted in WebAuthn's section 5.9. Permissions Policy integration:
|
webauthn has needs to integrate with Feature Policy: w3c/webauthn#911 "integrate with feature policy..."
This issue is only to note the above. There are overall questions wrt whether we do credential feature polic{y,ies} as per-credential or all-creds-included: see issue #135.
The text was updated successfully, but these errors were encountered: