> On Feb 22, 2017, at 5:52 AM, Jacob Greenfield <[email protected]> wrote: > > I’m working on adding support to WebKit for FIDO U2F (JS API: > https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html > Architecture overview: > https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html > ). The FIDO U2F specification allows a secure second factor to be used > during authentication flow, with bidirectional verification (token verifies > server, server verifies token and token’s knowledge of a specific private > key). There are current implementations in Chrome, Opera, and Blink > (Firefox). I’m primarily interested in bringing support to Safari, so that is > the focus what I am currently working on.
Hi Jacob, and welcome to WebKit. I went looking for how to use the feature in Chrome and Firefox (I assume you meant Gecko (Firefox), not Blink (Firefox)) I’m a little confused as to how this feature is exposed in the other browsers. On the topic of the low-level MessagePort API, section 3 states “This specification does not describe how such a port is made available to RP web pages, as this is (for now) implementation and browser dependent” (https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#api-levels <https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#api-levels>). Similarly, for the high-level API, it states in section 3.2, “Implementations may choose how to make such an API available to RP web pages. If such an API is provided, it should provide a namespace object u2f of the following interface" (https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#high-level-javascript-api <https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#high-level-javascript-api>). Do you have insight into how either of these APIs are exposed in other browsers? How do you plan on exposing them in WebKit? I should say, generally, I am concerned with APIs that leave important details like how the APIs are exposed to the implementation, as they lead to non-interoperable implementations. Thanks, - Sam
_______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
