Is there additional fingerprinting risk here? I'm happy to see this move forward even if there is, but we should call it out.
On Tuesday, November 19, 2024 at 9:24:50 AM UTC-8 Andrii Natiahlyi wrote:
> Hello Mike,
>
> Thank you for your feedback.
>
> Regarding Gecko, I requested a Mozilla position on this emerging web
> specification <https://github.com/mozilla/standards-positions/issues/1114>.
>
> > Given that any capability can be omitted, do we expect {} to be
> > conforming, however unlikely (I think yes?)?
>
> And yes, you're correct. Even though it's unlikely, we do expect an empty
> set `{}` to be conforming.
>
> Best,
> Andrii
>
> On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor <miketa...@chromium.org> wrote:
>
>> On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
>>
>> Contact emails natiah...@google.com, a...@google.com
>>
>> Explainer None
>>
>> Specification https://w3c.github.io/webauthn/#sctn-getClientCapabilities
>>
>> Summary
>>
>> getClientCapabilities() method allows to determine which WebAuthn
>> features are supported by the user's client. The method returns a list of
>> supported capabilities, allowing developers to tailor authentication
>> experiences and workflows based on the client's specific functionality.
>>
>> Blink component Blink>WebAuthentication
>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication>
>>
>> TAG review None
>>
>> It may be useful to send a non-blocking/FYI review here, since this is a
>> flavor of feature detection.
>>
>> TAG review status Not applicable
>>
>> Risks
>>
>> Interoperability and Compatibility
>>
>> None
>>
>> *Gecko*: No signal
>>
>> Can we ask for one?
>>
>> *WebKit*: Shipped/Shipping
>> (https://developer.apple.com/documentation/safari-release-notes/safari-17_4-release-notes#WebAuthn)
>>
>> *Web developers*: No signals
>>
>> *Other signals*:
>>
>> WebView application risks
>>
>> Does this intent deprecate or change behavior of existing APIs, such that
>> it has potentially high risk for Android WebView-based applications?
>>
>> None
>>
>> Debuggability
>>
>> None
>>
>> This should probably be N/A - DevTools doesn't need anything special here.
>>
>> Will this feature be supported on all six Blink platforms (Windows, Mac,
>> Linux, ChromeOS, Android, and Android WebView)? Yes
>>
>> Is this feature fully tested by web-platform-tests
>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>> Yes
>>
>> https://wpt.fyi/results/webauthn/getclientcapabilities.https.html
>>
>> Given that any capability can be omitted, do we expect {} to be
>> conforming, however unlikely (I think yes?)?
>>
>> DevTrial instructions
>> https://docs.google.com/document/d/e/2PACX-1vR3yUwIFZ0LbKpJ6J4GBamP-IrBgkal3arJ_CZLbRZwBDhFTZpdpVYMsPuvB6Mjnl0heE-6r9wE7Sfw/pub
>>
>> Flag name on about://flags enable-experimental-web-platform-features
>>
>> Finch feature name WebAuthenticationClientCapabilities
>>
>> Requires code in //chrome? False
>>
>> Tracking bug https://g-issues.chromium.org/issues/360327828
>>
>> Availability expectation Safari has shipped an implementation already.
>>
>> Estimated milestones
>> Shipping on desktop 133
>> DevTrial on desktop 131
>> Shipping on Android 133
>> DevTrial on Android 131
>> Shipping on WebView 133
>>
>> Anticipated spec changes
>>
>> Open questions about a feature may be a source of future web compat or
>> interop issues. Please list open issues (e.g. links to known github issues
>> in the project for the feature specification) whose resolution may
>> introduce web compat/interop risk (e.g., changing to naming or structure of
>> the API in a non-backward-compatible way).
>> None
>>
>> Link to entry on the Chrome Platform Status
>> https://chromestatus.com/feature/5128205875544064?gate=5206408640069632
>>
>> Links to previous Intent discussions
>> Intent to Prototype:
>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Wb8VjXe_zT8
>> Ready for Trial:
>> https://groups.google.com/a/chromium.org/g/blink-dev/c/YTkGIdlQMAw
>>
>> This intent message was generated by Chrome Platform Status
>> <https://chromestatus.com/>.
>>
>> --
>> Andrii Natiahlyi
>> Software Engineer
>> natiah...@google.com
>> Google Germany GmbH
>> Erika-Mann-Straße 33
>> 80636 München
>> Managing directors: Paul Manicle, Liana Sebastian
>> Registration court and number: Hamburg, HRB 86891
>> Registered office: Hamburg
>> --
>> You received this message because you are subscribed to the Google Groups
>> "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to blink-dev+unsubscr...@chromium.org.
>> To view this discussion visit
>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com
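
The thread establishes that any capability may be omitted and that `{}` is a conforming result, so a relying party has to read each key as true, false, or unknown. The sketch below is an added example, not part of the thread or of Chromium's code; `readCapabilities`, `capabilityState` and `planSignIn` are hypothetical names, and the key names are capability keys from the WebAuthn specification linked in the intent.

```javascript
// Added example, not from the thread. Function names are hypothetical.
// Capability keys are taken from the WebAuthn spec section linked above.

// Resolve the capability record; {} when the method is absent or fails,
// which is the same shape a conforming client may legitimately return.
async function readCapabilities(pkc = globalThis.PublicKeyCredential) {
  if (!pkc || typeof pkc.getClientCapabilities !== 'function') return {};
  try {
    return (await pkc.getClientCapabilities()) ?? {};
  } catch {
    return {};
  }
}

// true -> 'supported', false -> 'unsupported', omitted -> 'unknown'.
function capabilityState(caps, key) {
  if (!Object.prototype.hasOwnProperty.call(caps, key)) return 'unknown';
  return caps[key] === true ? 'supported' : 'unsupported';
}

// Decide the sign-in UI without treating an omitted key as false.
function planSignIn(caps) {
  const states = {
    conditionalGet: capabilityState(caps, 'conditionalGet'),
    userVerifyingPlatformAuthenticator:
      capabilityState(caps, 'userVerifyingPlatformAuthenticator'),
    hybridTransport: capabilityState(caps, 'hybridTransport'),
  };
  return {
    // Opt in to autofill (conditional) UI only on an explicit true.
    useConditionalUi: states.conditionalGet === 'supported',
    // Hide the passkey button only when both routes are an explicit false.
    offerPasskeyButton: !(
      states.userVerifyingPlatformAuthenticator === 'unsupported' &&
      states.hybridTransport === 'unsupported'
    ),
    // Keys the client said nothing about: fall back to older probes such as
    // isConditionalMediationAvailable() for these.
    unknown: Object.keys(states).filter((k) => states[k] === 'unknown'),
  };
}

// Constructed sample records (not captured from a real browser).
const EMPTY = {};
const DESKTOP_NO_AUTHENTICATOR = {
  conditionalGet: true,
  userVerifyingPlatformAuthenticator: false,
  hybridTransport: false,
};
```

In a page, `readCapabilities().then(planSignIn)` yields the plan; with `{}` the passkey button stays visible and every key is reported as unknown.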