On Mon, Jun 3, 2024 at 7:36 PM Mike Taylor <miketa...@chromium.org> wrote:
> (oops, accidentally removed agl@ from To, fixing)
>
> On 6/4/24 11:35 AM, Mike Taylor wrote:
>
> Hi Adam,
>
> Could you please request reviews (or N/A, if you have internal approvals)
> for Privacy, Security, and Enterprise bits in your chromestatus entry?

Reviews have been requested for some time now.

Cheers

AGL

> thx,
> Mike
>
> On 6/4/24 5:59 AM, Adam Langley wrote:
>
> Contact emails a...@chromium.org
>
> Specification https://w3c.github.io/webauthn/#enum-hints
>
> Summary
>
> The new `hints` parameter[1] in WebAuthn requests allows sites to provide
> guidance to browsers to guide their UI. The canonical use case is
> enterprises which know that their internal sites use only security keys and
> want to be able to communicate that so that browsers focus the UI on that
> case. But hints also resolve a tension where the current
> `authenticatorAttachment` parameter is strict: setting it to `platform`
> excludes all cross-platform options and vice versa. This has proven less
> than ideal in some cases.
>
> [1] https://w3c.github.io/webauthn/#enum-hints
>
> Blink component Blink>WebAuthentication
> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication>
>
> TAG review None
>
> TAG review status Not applicable
>
> Risks
>
> Interoperability and Compatibility
>
> None: new option which only tweaks UI.
>
> *Gecko*: No signal
>
> *WebKit*: No objections when asked in person.
>
> *Web developers*: Positive. Several sites have requested this
> functionality, which motivated the spec change. They continue to want it
> and have done so for quite a while now.
>
> WebView application risks
>
> Does this intent deprecate or change behavior of existing APIs, such that
> it has potentially high risk for Android WebView-based applications?
>
> No.
>
> Debuggability
>
> Not really. This causes the browser UI to switch emphasis, but doesn't
> otherwise change any site-observable behaviour.
>
> Will this feature be supported on all six Blink platforms (Windows, Mac,
> Linux, ChromeOS, Android, and Android WebView)?
>
> On Android & Android WebView, support would require changes to other
> components: the android.credentials code in the framework and, for older
> Android versions, Play Services. That might come in the future, but it's
> not part of the Blink and Chrome work. (The Blink change is, of course,
> required for anything else in the system to be able to handle this
> parameter.)
>
> Some versions of Windows handle WebAuthn UI themselves and, while Chrome
> can change its UI, this parameter won't immediately change the Windows UI.
> However, Microsoft is positive about this change and Chromium will be
> updated to pass this parameter on as soon as the Windows API is able to
> receive it.
>
> Is this feature fully tested by web-platform-tests
> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
> No
>
> Hints only affect the browser UI and unknown parameters are ignored in
> WebAuthn already.
>
> Flag name on chrome://flags None
>
> Finch feature name WebAuthenticationHints
>
> Requires code in //chrome? True: Chrome-specific WebAuthn UI is handled
> in //chrome and needs to respond to these hints. Other embedders would have
> to do the same to benefit from this change.
>
> Estimated milestones
> Shipping on desktop 128
>
> Anticipated spec changes
>
> Open questions about a feature may be a source of future web compat or
> interop issues. Please list open issues (e.g. links to known github issues
> in the project for the feature specification) whose resolution may
> introduce web compat/interop risk (e.g., changing to naming or structure of
> the API in a non-backward-compatible way).
>
> None
>
> Link to entry on the Chrome Platform Status
> https://chromestatus.com/feature/5145737733341184?gate=5155815622443008
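
The contrast the Summary draws between advisory `hints` and the strict `authenticatorAttachment`, as an added example that is not part of the thread or of Chromium's code. The helper names, the `intranet.example` relying party and the sample user are assumptions made up for illustration; the hint strings are the values of the spec's hints enum.

```javascript
// Added example: build the `publicKey` options for navigator.credentials.create().
// Function names and sample data are hypothetical, not from the thread.
const HINT_VALUES = ['security-key', 'client-device', 'hybrid']; // spec's hints enum
const ATTACHMENTS = ['platform', 'cross-platform'];

// Keep only known hint strings, de-duplicated, preserving the caller's order.
function normalizeHints(hints) {
  return [...new Set(hints)].filter((h) => HINT_VALUES.includes(h));
}

// `hints` only steers the browser UI; `strictAttachment` excludes every
// authenticator of the other kind, as the Summary describes.
function buildCreationOptions({ rp, user, challenge, hints = [], strictAttachment }) {
  const publicKey = {
    rp,
    user,
    challenge,
    pubKeyCredParams: [{ type: 'public-key', alg: -7 }], // ES256
  };
  const cleaned = normalizeHints(hints);
  if (cleaned.length > 0) publicKey.hints = cleaned;
  if (strictAttachment !== undefined) {
    if (!ATTACHMENTS.includes(strictAttachment)) {
      throw new RangeError(`unknown authenticatorAttachment: ${strictAttachment}`);
    }
    publicKey.authenticatorSelection = { authenticatorAttachment: strictAttachment };
  }
  return publicKey;
}

// Constructed sample input: an internal site whose users hold security keys.
const sample = {
  rp: { id: 'intranet.example', name: 'Example Intranet' },
  user: { id: new Uint8Array([1, 2, 3, 4]), name: 'alice', displayName: 'Alice' },
  challenge: new Uint8Array(32), // placeholder; a real challenge is random and server-issued
};

// Hinted: the UI emphasises security keys, no authenticator class is excluded.
const hinted = buildCreationOptions({
  ...sample,
  hints: ['security-key', 'bogus', 'security-key'],
});
// Strict: platform authenticators are excluded outright.
const strict = buildCreationOptions({ ...sample, strictAttachment: 'cross-platform' });

// In a browser: await navigator.credentials.create({ publicKey: hinted });
```

Because hints only change UI emphasis, a relying party that must restrict authenticator types still has to enforce that on the server when it verifies the registration.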