(oops, accidentally removed agl@ from To, fixing)
On 6/4/24 11:35 AM, Mike Taylor wrote:
Hi Adam,
Could you please request reviews (or N/A, if you have internal
approvals) for Privacy, Security, and Enterprise bits in your
chromestatus entry?
thx,
Mike
On 6/4/24 5:59 AM, Adam Langley wrote:
Contact emails
a...@chromium.org
Specification
https://w3c.github.io/webauthn/#enum-hints
Summary
The new `hints` parameter[1] in WebAuthn requests allows sites to
provide guidance to browsers to guide their UI. The canonical use
case are enterprises which know that their internal sites use only
security keys and want to be able to communicate that so that
browsers focus the UI on that case. But hints also resolve a tension
where the current `authenticatorAttachment` parameter is strict:
setting it to `platform` excludes all cross-platform options and vice
versa. This has proven less than ideal in some cases. [1]
https://w3c.github.io/webauthn/#enum-hints
Blink component
Blink>WebAuthentication
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication>
TAG review
None
TAG review status
Not applicable
Risks
Interoperability and Compatibility
None: new option which only tweaks UI.
/Gecko/: No signal
/WebKit/: No objections when asked in person.
/Web developers/: Positive. Several sites have requested this
functionality, which motivated the spec change. They continue to want
it and have done so for quite a while now.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
No.
Debuggability
Not really. This causes the browser UI to switch emphasis, but
doesn't other change any site-observable behaviour.
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
On Android & Android WebView, support would require changes to other
components: the android.credentials code in the framework and, for
older Android versions, Play Services. That might come in the future,
but it's not part of the Blink and Chrome work. (The Blink change is,
of course, required for anything else in the system to be able to
handle this parameter.)
Some versions of Windows handle WebAuthn UI themselves and, while
Chrome can change it's UI, this parameter won't immediately change
the Windows UI. However, Microsoft is positive about this change and
Chromium will be updated to pass this parameter on as soon as the
Windows API is able to receive it.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No
Hints only affect the browser UI and unknown parameters are ignored
in WebAuthn already.
Flag name on chrome://flags
None
Finch feature name
WebAuthenticationHints
Requires code in //chrome?
True: Chrome-specific WebAuthn UI is handled in //chrome and needs to
respond to these hints. Other embedders would have to do the same to
benefit from this change.
Estimated milestones
Shipping on desktop 128
Anticipated spec changes
Open questions about a feature may be a source of future web compat
or interop issues. Please list open issues (e.g. links to known
github issues in the project for the feature specification) whose
resolution may introduce web compat/interop risk (e.g., changing to
naming or structure of the API in a non-backward-compatible way).
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5145737733341184?gate=5155815622443008
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLzcnJ9xLwJZzQJBL0UJdnDGb7tB5Uu7cYqB%2Bdcdb%2BCfTQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLzcnJ9xLwJZzQJBL0UJdnDGb7tB5Uu7cYqB%2Bdcdb%2BCfTQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/24d1ed57-7ed0-429e-be56-e85ddd70e2ce%40chromium.org.
