Common RP ID in Related Origin Requests

[hetin k]

Hi Team,

If example.com is selected as the common RP ID, all other domains—such as example.in, example.eu, and example.au—will make cross-origin requests to the .well-known URL hosted on example.com. 

Could this cross-domain API call raise any compliance concerns (e.g., GDPR or other regional data protection regulations)?

[Tim Cappalli]

That is something your legal / compliance team should determine for your organization before utilizing the capability.

---

From: fido...@fidoalliance.org <fido...@fidoalliance.org> on behalf of hetin k <het...@gmail.com>
Sent: Thursday, July 10, 2025 3:49:53 PM
To: FIDO Dev (fido-dev) <fido...@fidoalliance.org>
Subject: [FIDO-DEV] Common RP ID in Related Origin Requests

 

Hi Team,

If example.com is selected as the common RP ID, all other domains—such as example.in, example.eu, and example.au—will make cross-origin requests to the .well-known URL hosted on example.com. 

Could this cross-domain API call raise any compliance concerns (e.g., GDPR or other regional data protection regulations)?

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/c08564a3-e78e-4746-8d78-735ac4a807f8n%40fidoalliance.org.