-
Section 6.1.1 mentions:
> (The authenticator) should implement per RP-ID signature counters. This prevents the signature counter value from being shared between Relying Parties and being possib…
-
Websites should have an explicit way to restrict any kind of cross-origin load to protect themselves against Spectre attacks. Content such as images, video, and audio may be sensitive and websites may…
-
Weekly a ser disparada no dia 19/04/2018
Ajude a BrazilJS Weekly postando sua dica, link ou sugestão aqui nos comentários desta issue.
Ao longo da semana vamos debatendo e juntando os melhores lin…
-
update extensions framework to include interfacing with user agent permissions framework
-
TL;DR: When/if a client platform uses the Privacy CA model described in the spec, it would be beneficial for the RP to specify if they want an attestation from the Privacy CA. We should introduce an (…
-
The WebAuthentication interface is, but the "authentication" attribute is not. That seems a bit odd. If this is purposeful, it's worth a note explaining why.
-
Hi all,
I really don't think this PR (#409) should have been merged.
First, the corresponding PR in CTAP has not been merged or is it not a dependency?
Second, I don't think this is needed. …
leshi updated
7 years ago
-
Hello, illustrious TAG members! Would you mind spending a few minutes skimming https://w3c.github.io/webappsec/specs/credentialmanagement/ and jotting down your thoughts?
Thanks!