w3c / secure-payment-confirmation

Secure Payment Confirmation (SPC)
https://w3c.github.io/secure-payment-confirmation/

[Spec] Registration example is misleading around whether an iframe is required #168

Closed stephenmcgruer closed 2 years ago

stephenmcgruer commented 2 years ago

Minor issue that came up when discussing SPC with someone.

In 1.2.1. Registration, we describe an example flow where the user registers in a cross-origin iframe during a transaction. A number of issues here have led to confusion around whether the cross-origin iframe is required:

  1. We refer to it as 'the first-time flow' (emphasis mine), rather than 'a first-time flow' or other more specific wording.
  2. We say 'The sample code for registering the user follows', again rather than being more specific about this being one option for registration. (E.g. 'for registering the user in this way')
  3. The example code documents the "payment" extension as 'required to allow credential creation in an iframe, and so that the browser knows this credential relates to SPC' - these should probably be swapped to indicate which half is more important.

I think we should fix these up at some point, to help aid understanding of SPC. We should perhaps also change 1.1.2. Registration in a third-party iframe to just be 'Registration', and then have 'in a third-party iframe' as a sub-point? I'm less confident in that though!