Re: [blink-dev] Intent to Prototype: Allow for WebAuthn credential creation in a cross-origin iframe

That all makes sense to me. I was just hoping to find it explained somewhere. Reilly Grant | Software Engineer | reil...@chromium.org | Google Chrome On Sat, Nov 11, 2023 at 12:16 PM Rick Byers wrote: > Note FedCM, PaymentRequest and Storage access API

Re: [blink-dev] Intent to Prototype: Allow for WebAuthn credential creation in a cross-origin iframe

Note FedCM, PaymentRequest and Storage access API effectively all follow this policy too. 3PCD doesn't block cross-origin information sharing, it just requires user consent (and hopefully understanding) for doing so. These patterns all seem strictly stronger in terms of transparency and control

Re: [blink-dev] Intent to Prototype: Allow for WebAuthn credential creation in a cross-origin iframe

To clarify - WebAuthn credentials are already available for reading in a cross-origin iframe, as long the "publickey-credentials-get" permission policy is set. So the question probably stands for WebAuthn in general, rather than just this change to allow creation as well? I'm cc-ing agl@ as the

Re: [blink-dev] Intent to Prototype: Allow for WebAuthn credential creation in a cross-origin iframe

Is this proposal compatible with the deprecation of third-party cookies and partitioned storage? Since credentials are origin-bound, what credentials are available to a frame on origin A embedded under origin B? Reilly Grant | Software Engineer | reil...@chromium.org | Google Chrome

[blink-dev] Intent to Prototype: Allow for WebAuthn credential creation in a cross-origin iframe

Contact emailssmcgr...@chromium.org ExplainerNone Specification https://w3c.github.io/webauthn/#publickey-credentials-create-feature Summary This feature allows web developers to create WebAuthn[0] credentials (that is, "publickey" credentials, aka passkeys) in cross-origin iframes. Two