On Thu, Oct 14, 2021 at 5:53 PM 'David Waite' via blink-dev < blink-dev@chromium.org> wrote:
> Not knowing Blink's policies here, I'd like to point out that while the PR > was merged, the WebAuthn WG charter that would lead to Level 3 has not yet > been approved. > You can learn more about Blink's policies here on this page <https://www.chromium.org/blink/guidelines/web-platform-changes-guidelines>; the section titled "Specifications" is probably the most relevant. > > On Thursday, October 14, 2021 at 2:49:39 AM UTC-6 yoav...@chromium.org > wrote: > >> On Wed, Oct 13, 2021 at 6:17 PM 'zakaria ridouh' via blink-dev < >> blin...@chromium.org> wrote: >> >>> *Contact emails* >>> >>> rid...@google.com >>> >>> >>> *Explainer* >>> >>> Add the authenticator attachment (platform/cross-platform) used during >>> both registration and authentication to the public key credential payload >>> returned from the browser to the RP/relying party (website/application etc). >>> >>> >>> This feature enables the following flow: >>> >>> If the proposed authenticator attachment field of the >>> attestation/assertion is “cross-platform”, and isUVPAA (i.e a >>> user-verifying platform authenticator is available, already available >>> within Chrome) returns true, then sites should have the ability to offer to >>> the user to register the current device's platform authenticator. >>> >>> >>> This provides a superior user experience, by removing the need for the >>> user to authenticate using a cross platform authenticator, and instead use >>> the built in authenticator. >>> >>> >>> -- Development Bug: >>> https://bugs.chromium.org/p/chromium/issues/detail?id=1243721 >>> >> >> Apologies, but it's not clear to me what this does. A higher-level >> explainer may be helpful here. >> >> >>> >>> *Specification* >>> >>> W3C Spec Change Merged. >>> >>> https://github.com/w3c/webauthn/pull/1668 >>> >>> >>> *Summary* >>> >>> Add the authenticator attachment (platform/cross-platform) used during >>> both registration and authentication to the public key credential payload >>> returned from the browser to the relying party (website/application etc). >>> >>> >>> *Blink component* >>> >>> Blink>WebAuthentication >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication> >>> >>> >>> *TAG review* >>> >>> N/A >>> >> >> Why is a TAG review not applicable? >> >> *TAG review status* >>> >>> N/A >>> >>> >>> *Risks* >>> >>> N/A >>> >>> >>> *Interoperability and Compatibility* >>> >>> Gecko: No signal >>> >>> WebKit: No signal >>> >> >> Could you ask for signals? https://bit.ly/blink-signals >> Otherwise, we can't assess the interoperability risk of this change. >> (i.e. whether other browser engines are likely to follow) >> >> >>> Web developers: No signals >>> >> >> Are developers likely to adopt this? If not, why are we adding this? >> https://goo.gle/developer-signals >> >> >>> Edge: Support Signals >>> >> Any links? >> >> >>> >>> *Debuggability:* >>> >>> Use WebAuthn tab on Chrome Dev Tools, and based on which transport is >>> picked, the authenticator attachment value on Public Key Credential >>> following successful registration or authentication will be different >>> (platform vs cross-platform). >>> >>> >>> *Is this feature fully tested by **web-platform-tests* >>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>> *?* >>> >>> Yes. Link to WPT CL: >>> https://chromium-review.googlesource.com/c/chromium/src/+/3198901 >>> >>> >>> *Flag name* >>> >>> #enable-web-authentication-authenticator-attachment >>> >>> >>> *Requires code in //chrome?* >>> >>> False >>> >>> >>> *Tracking bug* >>> >>> https://bugs.chromium.org/p/chromium/issues/detail?id=1243721 >>> >>> >>> *Launch bug* >>> >>> N/A >>> >>> >>> *Estimated milestones* >>> >>> No milestones specified >>> >>> >>> *Link to entry on the Chrome Platform Status* >>> >>> https://chromestatus.com/feature/5698986645127168 >>> >>> >>> This intent message was generated by Chrome Platform Status >>> <https://www.chromestatus.com/>. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACR%2Ba_t2QFLf14CKJkG0JfefghZJ2D-ysNBf8BkTGUc%2BX_KU9A%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACR%2Ba_t2QFLf14CKJkG0JfefghZJ2D-ysNBf8BkTGUc%2BX_KU9A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9037455b-754d-42f2-9023-dfba895a5fecn%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9037455b-754d-42f2-9023-dfba895a5fecn%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra95W5Tr%3Dc2arhrdUJKORYc4Obwur9F8CDfpiUmxB8Wjew%40mail.gmail.com.
