I worry about fingerprinting as well and would like to see it called
out specifically.
thx ..Tom (mobile)
On Wed, Nov 20, 2024, 9:14 AM Alex Russell <slightly...@chromium.org>
wrote:
Is there additional fingerprinting risk here? I'm happy to see
this move forward even if there is, but we should call it out.
On Tuesday, November 19, 2024 at 9:24:50 AM UTC-8 Andrii Natiahlyi
wrote:
Hello Mike,
Thank you for your feedback.
Regarding Gecko, I requested a Mozilla position on this
emerging web specification
<https://github.com/mozilla/standards-positions/issues/1114>.
> Given that any capability can be omitted, do we expect {} to
be conforming, however unlikely (I think yes?)?
And yes, you're correct. Even though it's unlikely, we do
expect an empty set `{}` to be conforming.
Best,
Andrii
On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor
<miketa...@chromium.org> wrote:
On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
Contact emails
natiah...@google.com, a...@google.com
Explainer
None
Specification
https://w3c.github.io/webauthn/#sctn-getClientCapabilities
Summary
getClientCapabilities() method allows to determine which
WebAuthn features are supported by the user's client. The
method returns a list of supported capabilities, allowing
developers to tailor authentication experiences and
workflows based on the client's specific functionality.
Blink component
Blink>WebAuthentication
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication>
TAG review
None
It may be useful to send a non-blocking/FYI review here,
since this is a flavor of feature detection.
TAG review status
Not applicable
Risks
Interoperability and Compatibility
None
/Gecko/: No signal
Can we ask for one?
/WebKit/: Shipped/Shipping
(https://developer.apple.com/documentation/safari-release-notes/safari-17_4-release-notes#WebAuthn)
/Web developers/: No signals
/Other signals/:
WebView application risks
Does this intent deprecate or change behavior of existing
APIs, such that it has potentially high risk for Android
WebView-based applications?
None
Debuggability
None
This should probably be N/A - DevTools doesn't need
anything special here.
Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, ChromeOS,
Android, and Android WebView)?
Yes
Is this feature fully tested by
web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
https://wpt.fyi/results/webauthn/getclientcapabilities.https.html
Given that any capability can be omitted, do we expect {}
to be conforming, however unlikely (I think yes?)?
DevTrial instructions
https://docs.google.com/document/d/e/2PACX-1vR3yUwIFZ0LbKpJ6J4GBamP-IrBgkal3arJ_CZLbRZwBDhFTZpdpVYMsPuvB6Mjnl0heE-6r9wE7Sfw/pub
Flag name on about://flags
enable-experimental-web-platform-features
Finch feature name
WebAuthenticationClientCapabilities
Requires code in //chrome?
False
Tracking bug
https://g-issues.chromium.org/issues/360327828
Availability expectation
Safari has shipped an implementation already.
Estimated milestones
Shipping on desktop 133
DevTrial on desktop 131
Shipping on Android 133
DevTrial on Android 131
Shipping on WebView 133
Anticipated spec changes
Open questions about a feature may be a source of future
web compat or interop issues. Please list open issues
(e.g. links to known github issues in the project for the
feature specification) whose resolution may introduce web
compat/interop risk (e.g., changing to naming or
structure of the API in a non-backward-compatible way).
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5128205875544064?gate=5206408640069632
Links to previous Intent discussions
Intent to Prototype:
https://groups.google.com/a/chromium.org/g/blink-dev/c/Wb8VjXe_zT8
Ready for Trial:
https://groups.google.com/a/chromium.org/g/blink-dev/c/YTkGIdlQMAw
This intent message was generated by Chrome Platform
Status <https://chromestatus.com/>.
--
Andrii Natiahlyi
Software Engineer
natiah...@google.com
Google Germany GmbH
Erika-Mann-Straße 33
<https://www.google.com/maps/search/Erika-Mann-Stra%C3%9Fe+33+%0D%0A+++++++++++++++80636+M%C3%BCnchen?entry=gmail&source=g>
<https://www.google.com/maps/search/Erika-Mann-Stra%C3%9Fe+33+%0D%0A+++++++++++++++80636+M%C3%BCnchen?entry=gmail&source=g>
80636 München
<https://www.google.com/maps/search/Erika-Mann-Stra%C3%9Fe+33+%0D%0A+++++++++++++++80636+M%C3%BCnchen?entry=gmail&source=g>
Geschäftsführer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
--
You received this message because you are subscribed to
the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/27406fd9-34a7-48a9-adcc-4f8681a46a17n%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/27406fd9-34a7-48a9-adcc-4f8681a46a17n%40chromium.org?utm_medium=email&utm_source=footer>.
