Dear WebKit folks, We (Chromium) are adding support to use WebOTP API <http://web.dev/web-otp>in cross-origin iframes. As part of that we're interested in WebKit opinions around this API.
In general WebKit and Chromium agree on the SMS format that is used in a SMS verification process. The specification <https://wicg.github.io/sms-one-time-codes> editors are from Apple and Google. On the format front, WebKit raised the initial request <https://github.com/WICG/sms-one-time-codes/issues/4> of using sms-one-time-code in nested frames to support third party or a separate service run by the same party. Cross-origin iframe support was included in the launch of the declarative API. <https://developer.apple.com/news/?id=z0i801mg> The difference is that Chromium uses this SMS format in an imperative API and that is WebOTP. WebKit's position in this API was "neutral" when we first launched it in M84. We'd like to get your fresh opinion around this API and the support in cross-origin iframes. Some useful links: Chrome Platform Status <https://www.chromestatus.com/feature/5679508336148480> Specification <https://wicg.github.io/web-otp/#sctn-permissions-policy> Design doc <https://docs.google.com/document/d/1dR-5-1O3SqAbQCRj_cBaQ7nQD5YlWzExcusmPcO2Xqs/edit?usp=sharing> TAG <https://github.com/w3ctag/design-reviews/issues/604> Cheers Yi
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev