Dear WebKit folks,

We (Chromium) are fleshing out our support for WebAuthn Level Two <https://www.w3.org/TR/webauthn/> and CTAP 2.1 <https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html> (the corresponding protocol between devices and security keys).

As part of that we're interested in any WebKit opinions about the following:

CTAP 2.1 credBlob extension <https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credBlob-extension> (Intent thread <https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/Vp0h8i5VBQAJ>, platform status entry <https://chromestatus.com/feature/5541178411843584>): This is a bytestring stored by the authenticator, just like the user handle, but a separate value. Microsoft plan to use it in mixed web/native contexts to store the hash of some externally-provided information in order to authenticate it. (This only involves an IDL change in Chromium due to the way that we implemented authenticator extensions; it might not need code changes in WebKit.)

Minimum PIN lengths <https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-feature-descriptions-minPinLength> (not yet the subject of an Intent to Ship): This allows enterprises to configure a minimum PIN length greater than the default value of four. It also involves an extension <https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-minpinlength-extension> to report, to the enterprise, what minimum is in effect. The extension will involve IDL changes in Chromium for the same reason, and our PIN-related management UIs would have to be updated to respect the configured minimum.

Cheers

AGL