On Mon, Jun 10, 2024 at 9:36 PM Yoav Weiss (@Shopify) < yoavwe...@chromium.org> wrote:
> TAG review statusNot applicable >> > > Can you clarify why that's the case? > This is a tiny change that is already in a WG's editor's draft. > Interoperability and Compatibility >> >> None: new option which only tweaks UI. >> >> *Gecko*: No signal >> >> *WebKit*: No objections when asked in person. >> > > Can you ask for positions? https://bit.ly/blink-signals > https://github.com/WebKit/standards-positions/issues/365 https://github.com/mozilla/standards-positions/issues/1043 > Is it possible to put together a small explainer for this. It's a bit difficult to understand what this hint would control. Do you have examples? I'm not sure that this is big enough for a formal explainer, but I can summarize quickly here: In the beginning, WebAuthn was a spec purely for security keys and overwhelmingly for enterprises. Those enterprises were eventually happy once the spec was fleshed out to cover all their needs. Then WebAuthn started being useful for non-enterprise cases too, and browser UI now includes those options. Also, the UI shows non-security-key options prominently because most users are no longer using security keys. But that makes the enterprises sad: they issue security keys to their employees and liked the old UI a lot better. So this "hints" parameter lets sites express that they want the UI to default to security keys because they know that it's an internal website and all the users are required to use their company-issued security keys with it. That's 90% of the motivation. There is also some desire in the WG to tweak the ways that some existing, somewhat similar mechanisms work and so the start of that also exists as a couple of other hints that can be expressed. The Chromium implementation does currently also recognise and respect those values too because it's trivial to include them. Cheers AGL > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLzHtofcaVHUT9FZfCtqNbsU00%3DxnLRZqA58QcJU%2BcaM5A%40mail.gmail.com.