Anders, The first target I'm working on is Desktop, though I've plans in 2017 to support WebAuthn on Android and iOS [1], too. WebAuthn already has definitions suitable for Android's Key Attestation [2] and SafetyNet formats [3], so they'll need implementations that tie into the dom::WebAuthentication class.
Cheers, J.C. [1] https://wiki.mozilla.org/Security/CryptoEngineering#Web_Authentication [2] https://w3c.github.io/webauthn/#android-key-attestation [3] https://w3c.github.io/webauthn/#android-safetynet-attestation On Wed, Nov 30, 2016 at 10:54 PM, Anders Rundgren < anders.rundgren....@gmail.com> wrote: > On Wednesday, November 30, 2016 at 5:42:30 PM UTC+1, Anders Rundgren wrote: > > It is a pity that external tokens have become the > > focus when the majority will rather rely on embedded > > security solutions which nowadays is a standard feature > > in Android and Windows platforms. > > Slight clarification to the above: The IoT folks pretty much build 100% on > embedded security with car-keys as an obvious exception. > > On mobile I would say that over 99% of all existing security solutions > based on cryptographic keys are relying on embedded (or "App level") keys > with Apple Pay as the most advanced example. > > That is, the token vendors and security folks do not represent the actual > market comprising of end-users and service providers. > > Maybe this is a project primarily targeting the desktop? > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
