Gap between BBK requirements and specification

# Spec: Gap between BBK requirements and specification
The [BBK requirements document](https://github.com/w3c/secure-payment-confirmation/blob/main/bbk-requirements.md) describes BBKs as having a strict 1-1 relationship with a tuple of (Browser instance, passkey, device). Currently the SPC specification does not describe how the tuple is formed or how the relationship is enforced. 
1. The [Browser Bound Key Stores](https://www.w3.org/TR/secure-payment-confirmation/#sctn-browser-bound-key-store) description "owned by the user agent" is ambiguous, and does not describe how a BBK is bound to a browser instance, additionally it does not prevent the user agent from holding many such stores. 
2. The [binding process](https://www.w3.org/TR/secure-payment-confirmation/#sctn-binding-a-keypair) describes how a BBK may be associated with a passkey, but does not enforce an exclusive association (One BBK could be bound to many passkeys following this description)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gap between BBK requirements and specification #321

Spec: Gap between BBK requirements and specification

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Gap between BBK requirements and specification #321

Description

Spec: Gap between BBK requirements and specification

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions