Contact emails: ...@chromium.org

Specification: https://github.com/w3c/webauthn/pull/1663

Summary

The devicePubKey extension to WebAuthn permits a multi-device credential to
also have a device-bound key. This allows sites to incorporate device
identity information into risk analysis during sign-in. For example, a
multi-device credential that is being presented from an unexpected
geography might be able to skip additional authenticator challenges if the
specific device is already known. Devices create local keys on demand and
sign the same data as with the primary private key. No cross-credential
tracking is possible as the additional device-bound keys are always
specific to a single credential.


We wish to prototype an implementation in Chromium so that other members of
the WebAuthn WG can test some interoperable implementations and build
confidence that all the parts hang together correctly.

Blink component: Blink
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>

TAG review status: Pending

Risks

Interoperability and Compatibility
*Gecko*: No signal

*WebKit*: No signal

*Web developers*: No signals

*Other signals*: at least one security key vendor wishes to experiment with
a Chromium implementation.

WebView application risks

WebAuthn is not exposed in WebView and so this change won't be
visible there.

Debuggability

If this extension moved to a full implementation, we would likely expose it
via the existing virtual authenticator support in Chromium. There it can be
used with WebDriver-based tests and for manual testing via DevTools.

Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Not yet—spec still changing.

Flag name: chrome://flags/#enable-experimental-web-platform-features

Requires code in //chrome? False

Estimated milestones

No milestones specified


Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5011158688333824
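
The risk-analysis idea from the Summary, as an added example that is not part of the original message or of Chromium: a simplified relying-party model in Node.js. The function names (`assessSignIn`, `rememberDevice`), the in-memory store and the data layout are assumptions for illustration and do not reflect the extension's wire format.

```javascript
// Added illustration: simplified relying-party model, not the extension's wire format.
const crypto = require('node:crypto');
// Hypothetical RP store: credentialId -> Set of known device public keys (base64 SPKI).
const knownDeviceKeys = new Map();
const spki = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const verify = (pub, data, sig) => crypto.verify('sha256', data, pub, sig);

// Called by the RP once the user has passed the additional challenges on a new device.
function rememberDevice(credentialId, devicePub) {
  if (!knownDeviceKeys.has(credentialId)) knownDeviceKeys.set(credentialId, new Set());
  knownDeviceKeys.get(credentialId).add(spki(devicePub));
}

// Returns 'reject', 'step-up' (ask for additional challenges) or 'allow'.
function assessSignIn(a) {
  // The primary (multi-device) key must verify over the signed data.
  if (!verify(a.primaryPub, a.signedData, a.primarySig)) return 'reject';
  // The device-bound key signs the same data; a bad signature is a hard failure.
  if (!verify(a.devicePub, a.signedData, a.deviceSig)) return 'reject';
  // Device keys are looked up per credential only, never across credentials.
  const seen = knownDeviceKeys.get(a.credentialId) ?? new Set();
  return a.unexpectedGeo && !seen.has(spki(a.devicePub)) ? 'step-up' : 'allow';
}

// Builds one constructed sign-in attempt and assesses it.
function signIn(credentialId, primary, device, unexpectedGeo, tamper = false) {
  const signedData = crypto.randomBytes(32); // constructed stand-in for the signed data
  const deviceData = tamper ? Buffer.from('different data') : signedData;
  return assessSignIn({
    credentialId, unexpectedGeo, signedData,
    primaryPub: primary.publicKey,
    primarySig: crypto.sign('sha256', signedData, primary.privateKey),
    devicePub: device.publicKey,
    deviceSig: crypto.sign('sha256', deviceData, device.privateKey),
  });
}

function demo() {
  knownDeviceKeys.clear();
  const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const [primary, phone, laptop] = [newKey(), newKey(), newKey()];
  const first = signIn('cred-1', primary, phone, true); // device not yet known
  rememberDevice('cred-1', phone.publicKey);
  return {
    first,
    knownPhone: signIn('cred-1', primary, phone, true),
    newLaptop: signIn('cred-1', primary, laptop, true),
    tampered: signIn('cred-1', primary, phone, false, true),
  };
}
```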
