- marked as minor
Basic, Messages - Why can't an Issuer Identifier have a path component?
Issue #322
resolved
Basic and Messages define "Issuer Identifier" as "A verifiable identifier of an Issuer. An issuer Identifier is a HTTPS URL with no path component."
Nowhere do we say why it can't have a path component. We should either say why it can't or allow it.
Comments (6)
-
-
-
assigned issue to
- changed status to open
.well-known and SWD does not allow it.
Certificate is issued to host.
-
assigned issue to
-
Issue
#325was marked as a duplicate of this issue. -
Issue
#331was marked as a duplicate of this issue. -
Simple Web Discovery only supports one endpoint per host.
Host is also what SSL certificates relate to.
Having more than one issuer per host greatly complicates things.
-
- changed status to resolved
Fixes
#322add security concern re SWD being per host as one reason issuers are per host - Log in to comment
It was a WG consensus.
If the issuer that is different from Javascript origin allows cross issuer scripting, which is not good.