On Thursday, October 14, 2021 at 1:49:39 AM UTC-7 yoav...@chromium.org wrote:
> Apologies, but it's not clear to me what this does. A higher-level > explainer may be helpful here. > When returning a WebAuthn assertion, browsers will say whether the assertion came from a removable device or not. I.e. if you touch a security key it'll say "cross-platform", but if you use Touch ID / Windows Hello it'll say "platform". Sites could already figure this out because they learn the supported transports of an authenticator during registration and removable devices offer things like "usb" or "ble", while the platform authenticators (Touch ID / Hello) say "internal". But we want to make this simpler for sites so that they have a clear signal when offering to register the platform as an authenticator might be useful. The vision is that, when phones are fully usable as security keys, users will be able to sign into sites on a desktop browser with them. But that site might want to know that a "removable" device was used (e.g. a phone) because registering the platform authenticator for future sign-ins is probably a better experience. >> *TAG review* >> >> N/A >> > > Why is a TAG review not applicable? > Seems like a very minor change and TAG is a very heavy process. > Web developers: No signals >> > > Are developers likely to adopt this? If not, why are we adding this? > https://goo.gle/developer-signals > Other parts of an ecosystem need to slot into place in order for everything to hang together: phones as security keys, syncing credentials, conditional UI, etc. So developers are probably uninterested in this part in isolation, but all together there's a fair amount of interest. GitHub, at least, are public about WebAuthn L2 being insufficient without several of changes in this set: 1 <https://github.com/w3c/webauthn/issues/1568> 2 <https://github.com/w3c/webauthn/issues/1567> 3 <https://github.com/w3c/webauthn/issues/1565>. > >> Edge: Support Signals >> > Any links? > Microsoft supporting here <https://github.com/w3c/webauthn/issues/1637#issuecomment-874804170>. (See "Assertion Transports" section; WG discussion changed "transports" to "attachment", which is what this thread is talking about.) Cheers AGL -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/62f2706a-e520-4aac-9765-7eb6d8648fcen%40chromium.org.
