Why is the Token Binding ID a base64url encoded DOMString rather than an ArrayBuffer?

[selfissued]

Given we're changing the Token Binding representation anyway, is there a reason that the Token Binding ID representation needs to stay a base64url encoded DOMString rather than be changed to an ArrayBuffer containing the raw Token Binding ID bytes?

[arnar]

Are you suggesting CollectedClientData be implicitly converted to JSON, taking care of e.g. ArrayBuffer?

In #803 you linked to this, but I'm having some trouble finding how ArrayBuffers are converted to JSON.

[arnar]

(cc @kpaulh)

[selfissued]

That's right. If this is converted to JSON, then it makes sense to leave it as is. I wanted to at least ask the question.

[agl]

(Just from the call. I opined that this needs to be a string because the CollectedClientData is serialised as JSON and thus cannot contain ArrayBuffers. We're going to ask Kim to weigh in.)

[kpaulh]

I agree with @agl; ArrayBuffers would cause problems for serialization. Also, we don't pack CollectedClientData in Blink in our implementation, so ArrayBuffers would be really annoying to deal with, if possible at all.

[agl]

(I think this is resolved and can be closed.)

[selfissued]

Closing with no action, based on @kpaulh 's feedback.