add permissions policy support for webauthn #136
Comments
equalsJeffH
changed the title
|
On whether to have credential-type-specific controls (i.e. allowing “webauthn”) or more general controls (i.e. allowing “credman”): I think I would favour credential-type-specific controls. Otherwise, if other credentials types were added in the future with different security considerations then there would be friction because of the potential set of sites that have delegated “credman” powers to iframes, but without having considered whatever new concerns that might arise with future credential types. |
This comment has been minimized.
This comment has been minimized.
|
Actually, upon further review, nominal changes to Credman in specific support of WebAuthn-cum-Credman's present dependency upon permissions policy are warranted, so am re-opening this issue. Note that there are also further presently undecided questions regarding permissions policy and Credman, see issue #135. Details: As noted in WebAuthn for both of PublicKeyCredential’s
And also noted in WebAuthn's section 5.9. Permissions Policy integration:
|
equalsJeffH
changed the title
webauthn has needs to integrate with Feature Policy: w3c/webauthn#911 "integrate with feature policy..."
This issue is only to note the above. There are overall questions wrt whether we do credential feature polic{y,ies} as per-credential or all-creds-included: see issue #135.
The text was updated successfully, but these errors were encountered: