On 6/4/24 9:50 PM, Adam Langley wrote:
On Mon, Jun 3, 2024 at 7:36 PM Mike Taylor <miketa...@chromium.org> wrote:
(oops, accidentally removed agl@ from To, fixing)
On 6/4/24 11:35 AM, Mike Taylor wrote:
Hi Adam,
Could you please request reviews (or N/A, if you have internal
approvals) for Privacy, Security, and Enterprise bits in your
chromestatus entry?
Reviews have been requested for some time now.
Sorry - unsure if this is a chromestatus bug or I am missing something -
I see that Privacy, Security, and Enterprise were requested 9 hours ago.
Either way - thanks. :)
thx,
Mike
On 6/4/24 5:59 AM, Adam Langley wrote:
Contact emails
a...@chromium.org
Specification
https://w3c.github.io/webauthn/#enum-hints
Summary
The new `hints` parameter[1] in WebAuthn requests allows sites
to provide guidance to browsers to guide their UI. The canonical
use case are enterprises which know that their internal sites
use only security keys and want to be able to communicate that
so that browsers focus the UI on that case. But hints also
resolve a tension where the current `authenticatorAttachment`
parameter is strict: setting it to `platform` excludes all
cross-platform options and vice versa. This has proven less than
ideal in some cases. [1] https://w3c.github.io/webauthn/#enum-hints
Blink component
Blink>WebAuthentication
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication>
TAG review
None
TAG review status
Not applicable
Risks
Interoperability and Compatibility
None: new option which only tweaks UI.
/Gecko/: No signal
/WebKit/: No objections when asked in person.
/Web developers/: Positive. Several sites have requested this
functionality, which motivated the spec change. They continue to
want it and have done so for quite a while now.
WebView application risks
Does this intent deprecate or change behavior of existing APIs,
such that it has potentially high risk for Android WebView-based
applications?
No.
Debuggability
Not really. This causes the browser UI to switch emphasis, but
doesn't other change any site-observable behaviour.
Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, ChromeOS, Android, and
Android WebView)?
On Android & Android WebView, support would require changes to
other components: the android.credentials code in the framework
and, for older Android versions, Play Services. That might come
in the future, but it's not part of the Blink and Chrome work.
(The Blink change is, of course, required for anything else in
the system to be able to handle this parameter.)
Some versions of Windows handle WebAuthn UI themselves and,
while Chrome can change it's UI, this parameter won't
immediately change the Windows UI. However, Microsoft is
positive about this change and Chromium will be updated to pass
this parameter on as soon as the Windows API is able to receive it.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No
Hints only affect the browser UI and unknown parameters are
ignored in WebAuthn already.
Flag name on chrome://flags
None
Finch feature name
WebAuthenticationHints
Requires code in //chrome?
True: Chrome-specific WebAuthn UI is handled in //chrome and
needs to respond to these hints. Other embedders would have to
do the same to benefit from this change.
Estimated milestones
Shipping on desktop 128
Anticipated spec changes
Open questions about a feature may be a source of future web
compat or interop issues. Please list open issues (e.g. links to
known github issues in the project for the feature
specification) whose resolution may introduce web compat/interop
risk (e.g., changing to naming or structure of the API in a
non-backward-compatible way).
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5145737733341184?gate=5155815622443008
--
You received this message because you are subscribed to the
Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLzcnJ9xLwJZzQJBL0UJdnDGb7tB5Uu7cYqB%2Bdcdb%2BCfTQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLzcnJ9xLwJZzQJBL0UJdnDGb7tB5Uu7cYqB%2Bdcdb%2BCfTQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/0b6692fb-7985-42b9-b549-8e2045066567%40chromium.org.
