Is there additional fingerprinting risk here? I'm happy to see this move 
forward even if there is, but we should call it out.

On Tuesday, November 19, 2024 at 9:24:50 AM UTC-8 Andrii Natiahlyi wrote:

> Hello Mike,
>
> Thank you for your feedback.
>
> Regarding Gecko, I requested a Mozilla position on this emerging web 
> specification <https://github.com/mozilla/standards-positions/issues/1114>
> .
>
> > Given that any capability can be omitted, do we expect {} to be 
> conforming, however unlikely (I think yes?)?
>
> And yes, you're correct. Even though it's unlikely, we do expect an empty 
> set `{}` to be conforming.
>
> Best,
> Andrii
>
>
> On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor <miketa...@chromium.org> 
> wrote:
>
>> On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
>>
>> Contact emails natiah...@google.com, a...@google.com
>>
>> Explainer None
>>
>> Specification https://w3c.github.io/webauthn/#sctn-getClientCapabilities
>>
>> Summary 
>>
>> getClientCapabilities() method allows to determine which WebAuthn 
>> features are supported by the user's client. The method returns a list of 
>> supported capabilities, allowing developers to tailor authentication 
>> experiences and workflows based on the client's specific functionality.
>>
>>
>> Blink component Blink>WebAuthentication 
>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication>
>>
>> TAG review None
>>
>> It may be useful to send a non-blocking/FYI review here, since this is a 
>> flavor of feature detection.
>>
>>
>> TAG review status Not applicable
>>
>> Risks 
>>
>>
>> Interoperability and Compatibility 
>>
>> None
>>
>>
>> *Gecko*: No signal
>>
>> Can we ask for one?
>>
>>
>> *WebKit*: Shipped/Shipping (
>> https://developer.apple.com/documentation/safari-release-notes/safari-17_4-release-notes#WebAuthn
>> )
>>
>> *Web developers*: No signals
>>
>> *Other signals*:
>>
>> WebView application risks 
>>
>> Does this intent deprecate or change behavior of existing APIs, such that 
>> it has potentially high risk for Android WebView-based applications?
>>
>> None
>>
>>
>> Debuggability 
>>
>> None
>>
>> This should probably be N/A - DevTools doesn't need anything special here.
>>
>>
>>
>> Will this feature be supported on all six Blink platforms (Windows, Mac, 
>> Linux, ChromeOS, Android, and Android WebView)? Yes
>>
>> Is this feature fully tested by web-platform-tests 
>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>> ? Yes 
>>
>> https://wpt.fyi/results/webauthn/getclientcapabilities.https.html
>>
>> Given that any capability can be omitted, do we expect {} to be 
>> conforming, however unlikely (I think yes?)?
>>
>>
>>
>> DevTrial instructions 
>> https://docs.google.com/document/d/e/2PACX-1vR3yUwIFZ0LbKpJ6J4GBamP-IrBgkal3arJ_CZLbRZwBDhFTZpdpVYMsPuvB6Mjnl0heE-6r9wE7Sfw/pub
>>
>> Flag name on about://flags enable-experimental-web-platform-features
>>
>> Finch feature name WebAuthenticationClientCapabilities
>>
>> Requires code in //chrome? False
>>
>> Tracking bug https://g-issues.chromium.org/issues/360327828
>>
>> Availability expectation Safari has shipped an implementation already.
>>
>> Estimated milestones 
>> Shipping on desktop 133 
>> DevTrial on desktop 131 
>> Shipping on Android 133 
>> DevTrial on Android 131 
>> Shipping on WebView 133 
>>
>> Anticipated spec changes 
>>
>> Open questions about a feature may be a source of future web compat or 
>> interop issues. Please list open issues (e.g. links to known github issues 
>> in the project for the feature specification) whose resolution may 
>> introduce web compat/interop risk (e.g., changing to naming or structure of 
>> the API in a non-backward-compatible way).
>> None
>>
>> Link to entry on the Chrome Platform Status 
>> https://chromestatus.com/feature/5128205875544064?gate=5206408640069632
>>
>> Links to previous Intent discussions Intent to Prototype: 
>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Wb8VjXe_zT8
>> Ready for Trial: 
>> https://groups.google.com/a/chromium.org/g/blink-dev/c/YTkGIdlQMAw
>>
>>
>> This intent message was generated by Chrome Platform Status 
>> <https://chromestatus.com/>.
>>
>> -- 
>>
>> Andrii Natiahlyi
>>
>> Software Engineer
>>
>> natiah...@google.com
>>
>> Google Germany GmbH
>>
>> Erika-Mann-Straße 33
>>
>> 80636 München
>>
>> Geschäftsführer: Paul Manicle, Liana Sebastian
>>
>> Registergericht und -nummer: Hamburg, HRB 86891
>>
>> Sitz der Gesellschaft: Hamburg
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to blink-dev+unsubscr...@chromium.org.
>> To view this discussion visit 
>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com
>>  
>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/27406fd9-34a7-48a9-adcc-4f8681a46a17n%40chromium.org.

Reply via email to