I worry about fingerprinting as well and would like to see it called out specifically.
thx ..Tom (mobile) On Wed, Nov 20, 2024, 9:14 AM Alex Russell <slightly...@chromium.org> wrote: > Is there additional fingerprinting risk here? I'm happy to see this move > forward even if there is, but we should call it out. > > On Tuesday, November 19, 2024 at 9:24:50 AM UTC-8 Andrii Natiahlyi wrote: > >> Hello Mike, >> >> Thank you for your feedback. >> >> Regarding Gecko, I requested a Mozilla position on this emerging web >> specification >> <https://github.com/mozilla/standards-positions/issues/1114>. >> >> > Given that any capability can be omitted, do we expect {} to be >> conforming, however unlikely (I think yes?)? >> >> And yes, you're correct. Even though it's unlikely, we do expect an empty >> set `{}` to be conforming. >> >> Best, >> Andrii >> >> >> On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor <miketa...@chromium.org> >> wrote: >> >>> On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote: >>> >>> Contact emails natiah...@google.com, a...@google.com >>> >>> Explainer None >>> >>> Specification https://w3c.github.io/webauthn/#sctn-getClientCapabilities >>> >>> Summary >>> >>> getClientCapabilities() method allows to determine which WebAuthn >>> features are supported by the user's client. The method returns a list of >>> supported capabilities, allowing developers to tailor authentication >>> experiences and workflows based on the client's specific functionality. >>> >>> >>> Blink component Blink>WebAuthentication >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication> >>> >>> TAG review None >>> >>> It may be useful to send a non-blocking/FYI review here, since this is a >>> flavor of feature detection. >>> >>> >>> TAG review status Not applicable >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> None >>> >>> >>> *Gecko*: No signal >>> >>> Can we ask for one? >>> >>> >>> *WebKit*: Shipped/Shipping ( >>> https://developer.apple.com/documentation/safari-release-notes/safari-17_4-release-notes#WebAuthn >>> ) >>> >>> *Web developers*: No signals >>> >>> *Other signals*: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> >>> Debuggability >>> >>> None >>> >>> This should probably be N/A - DevTools doesn't need anything special >>> here. >>> >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? Yes >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? Yes >>> >>> https://wpt.fyi/results/webauthn/getclientcapabilities.https.html >>> >>> Given that any capability can be omitted, do we expect {} to be >>> conforming, however unlikely (I think yes?)? >>> >>> >>> >>> DevTrial instructions >>> https://docs.google.com/document/d/e/2PACX-1vR3yUwIFZ0LbKpJ6J4GBamP-IrBgkal3arJ_CZLbRZwBDhFTZpdpVYMsPuvB6Mjnl0heE-6r9wE7Sfw/pub >>> >>> Flag name on about://flags enable-experimental-web-platform-features >>> >>> Finch feature name WebAuthenticationClientCapabilities >>> >>> Requires code in //chrome? False >>> >>> Tracking bug https://g-issues.chromium.org/issues/360327828 >>> >>> Availability expectation Safari has shipped an implementation already. >>> >>> Estimated milestones >>> Shipping on desktop 133 >>> DevTrial on desktop 131 >>> Shipping on Android 133 >>> DevTrial on Android 131 >>> Shipping on WebView 133 >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> None >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/5128205875544064?gate=5206408640069632 >>> >>> Links to previous Intent discussions Intent to Prototype: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Wb8VjXe_zT8 >>> Ready for Trial: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/YTkGIdlQMAw >>> >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >>> -- >>> >>> Andrii Natiahlyi >>> >>> Software Engineer >>> >>> natiah...@google.com >>> >>> Google Germany GmbH >>> >>> Erika-Mann-Straße 33 >>> <https://www.google.com/maps/search/Erika-Mann-Stra%C3%9Fe+33+%0D%0A+++++++++++++++80636+M%C3%BCnchen?entry=gmail&source=g> >>> >>> <https://www.google.com/maps/search/Erika-Mann-Stra%C3%9Fe+33+%0D%0A+++++++++++++++80636+M%C3%BCnchen?entry=gmail&source=g> >>> >>> 80636 München >>> <https://www.google.com/maps/search/Erika-Mann-Stra%C3%9Fe+33+%0D%0A+++++++++++++++80636+M%C3%BCnchen?entry=gmail&source=g> >>> >>> Geschäftsführer: Paul Manicle, Liana Sebastian >>> >>> Registergericht und -nummer: Hamburg, HRB 86891 >>> >>> Sitz der Gesellschaft: Hamburg >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/27406fd9-34a7-48a9-adcc-4f8681a46a17n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/27406fd9-34a7-48a9-adcc-4f8681a46a17n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK2Cwb7s0615yfX6trtE1eLHGOvK0Lq7sHrZRga17aZQeu6jQQ%40mail.gmail.com.
