LGTM1. The internal privacy/security review concluded that the design of the developer flow's integration with an autofill prompt substantially mitigates privacy concerns around knowing whether the user has credentials. `isConditionalMediationAvailable` is tied to the underlying platform which we already reveal to the site through UA client hints and highly correlated with `isUserVerifyingPlatformAuthenticatorAvailable`, though it does allow marginal distinction between Win11+ and other Windows versions. Given that we're relying on the underlying platform authenticator, this is a leak we're unlikely to be able to address.
The benefits of driving more cross-browser usage of WebAuthn are substantially security-positive, however, and pushing the passkey story forward is a solid justification for shipping this mechanism IMO. Safari and Edge being on board mitigates to some extent the lack of engagement from Mozilla. Thank you for filing the standards position request anyway; I've poked some folks on the side to see if there's someone who might be interested in paying more attention. In the meantime, good luck shipping this!

-mike

On Tuesday, September 20, 2022 at 12:03:08 AM UTC+2 Nina Satragno wrote:

> Filed https://github.com/mozilla/standards-positions/issues/692, thanks!
>
> On Mon, Sep 19, 2022 at 5:36 PM Jeffrey Yasskin <[email protected]> wrote:
>
>> On Mon, Sep 19, 2022 at 2:25 PM Nina Satragno <[email protected]> wrote:
>>
>>> ...
>>> Interoperability and Compatibility
>>>
>>> Very low: this is a new feature that's already implemented by Safari on their Technology Preview.
>>>
>>> Gecko: No signal
>>
>> It's probably worth filing a standards-position <https://github.com/mozilla/standards-positions/issues/new> request for significant WebAuthn changes, even though I see from https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/Vp0h8i5VBQAJ that we can't expect Mozilla to respond.
>>
>> Other than that: Yay!
>>
>> Jeffrey
>
> --
> Nina Satragno
> Computer Engineer
> she/her
> [email protected]
