double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec #1492
Comments
|
We might need a way to add the transaction text (or a hash of it) to the collectedClientData structure. |
equalsJeffH
added
the
stat:puntable
equalsJeffH
removed
the
stat:puntable
|
wrt @rlin1's #1492 (comment) above: that is a separate concern and not relevant to this particular issue. |
|
@rlin1 Note that there are two entirely different takes on the transaction data: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WRT Secure Payment Confirmation,
it is possible, but am not sure how likely, that we might want to put a Note or other mention of different RP hostname mapping/handling in the layer underneath the webauthn api. this is because the webauthn spec is the specification of the protocol between the RP and the authenticator (N.B. CTAP is a spec of just one manifestation of the comms btwn the client platform and the authnr, and it conveys the signed object back from the authnr to the client platform as an opaque blob -- webauthn is the definitive spec of its contents, and thus the "protocol spec" for authnr <----> RP).
The text was updated successfully, but these errors were encountered: