[blink-dev] Intent to Prototype: WebAuthn devicePubKey extension support

Contact emails...@chromium.org Specificationhttps://github.com/w3c/webauthn/pull/1663 Summary The devicePubKey extension to WebAuthn permits a multi-device credential to also have a device-bound key. This allows sites to incorporate device identity information into risk analysis during sign-in.

[blink-dev] Re: Intent to Prototype: WebAuthn devicePubKey extension support

On Tue, Aug 30, 2022 at 1:58 AM Yifan Luo wrote: > Hey! > > I'm taking a look at this feature as a security reviewer and I'm a bit > lack of the background information of it. > > Would you mind adding some explainer/design doc for it? It would be great > if you could also fill in a security-priva

Re: [blink-dev] Intent to Ship: [WebAuthn] Authenticator Attachment in Public Key Credential

On Thursday, October 14, 2021 at 1:49:39 AM UTC-7 yoav...@chromium.org wrote: > Apologies, but it's not clear to me what this does. A higher-level > explainer may be helpful here. > When returning a WebAuthn assertion, browsers will say whether the assertion came from a removable device or not

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Sun, Aug 25, 2024 at 4:59 AM Viet Quoc Le wrote: > it's been 1 year, There any update about this on chrome. I am tried to run > passkey with Chrome Canary 130, but it seems doesn't support RPF Extension > On Thursday, July 27, 2023 at 12:26:18 AM UTC+7 Mike Taylor wrote: > iCloud Keychain and

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Tue, Aug 27, 2024 at 1:12 PM Vivek Bhupatiraju wrote: > Do you have a demo or sample site where this works on Chromium browsers? > Most demos I try where I set up a passkey on my Chrome profile say "prf: > {enabled: false}". For example > https://levischuck.com/blog/2023-02-prf-webauthn The

[blink-dev] Intent to deprecate forwarding of mdoc-scheme URLs as Android Intents

*Primary eng emails* a...@chromium.org, rby...@chromium.org *Summary* Creating a dedicated secure browser API for mdoc selection to replace mdoc-scheme URLs on Chrome and Android. *Motivation* Last month, we sent

Re: [blink-dev] Intent to deprecate forwarding of mdoc-scheme URLs as Android Intents

On Tue, Mar 21, 2023 at 4:25 AM Yoav Weiss wrote: > Thanks for sending this intent! :) > > It seems like you didn't use the chromestatus.com template, so a few > things are missing: > * The title is non-standard and hence didn't get caught in our tooling > * What's the timeline for which you want

Re: [blink-dev] Intent to deprecate forwarding of mdoc-scheme URLs as Android Intents

On Fri, Mar 24, 2023 at 2:45 AM Nicola Tommasi wrote: > Hi Adam, > > Thanks for sending this intent. I'm trying to understand a bit more the > proposed deprecation so I have a few questions for you: > > - Are these URIs already used by other APIs?If so, could you please make > an example? > Thes

[blink-dev] Intent to Ship: WebAuthn PRF extension

Contact emails...@chromium.org Explainerhttps://github.com/w3c/webauthn/wiki/Explainer:-PRF-extension Specificationhttps://w3c.github.io/webauthn/#prf-extension Summary The PRF extension to WebAuthn allows a pseudo-random function (i.e. HMAC), stored on the security key, to be evaluated when ge

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Mon, May 1, 2023 at 1:25 AM Alex Russell wrote: > This looks good on the surface, but I'm wondering if there's sample code > somewhere that can demonstrate how this would be used? > Good point. I've added an example of basic usage to the explainer page: https://github.com/w3c/webauthn/wiki/Ex

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Mon, May 1, 2023 at 12:47 PM Nick Steele wrote: > 1 Password is also supportive of this extension being added. Being able to > encrypt data alongside a credential would be useful to us and our users. > > I'd like some clarification on the contextual string being provided for > HMAC hashing. Wh

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Tue, May 2, 2023 at 8:31 AM Caleb Raitto wrote: > I think this was discussed before with mmenke@, but he's ooo: > > How does this feature work in cross-site iframes? What prevents the PRF > from acting as a cross site identifier (are credentials usable in cross > site iframes)? > WebAuthn wor

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Tue, May 2, 2023 at 9:55 AM Caleb Raitto wrote: > Thanks, makes sense -- can a note about this be added to the privacy > section of the explainer / spec? > I think the Privacy section covers that now. If you see gaps, please do let me know. Cheers AGL -- You received this message because

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Wed, May 3, 2023 at 4:07 AM Yoav Weiss wrote: > *WebKit*: No signal >> > > Have we asked? If not, can you file for positions according to > https://bit.ly/blink-signals? > I've spoke to Apple people directly, but happy to file a request too: https://github.com/mozilla/standards-positions/iss

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Fri, May 5, 2023 at 11:00 AM Caleb Raitto wrote: > On Thursday, May 4, 2023 at 6:11:17 PM UTC-4 Adam Langley wrote: > > On Tue, May 2, 2023 at 9:55 AM Caleb Raitto wrote: > > Thanks, makes sense -- can a note about this be added to the privacy > section of the explainer / spec? > > > I think

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Sat, Jul 22, 2023 at 2:15 PM Vivek Bhupatiraju wrote: > Are there any updates on this Intent To Ship? I would also love this > extension as it allows for an amazing UX for encryption. > Default-enabled in Chrome M116, so you should be able to experiment with it on Beta channel ahead of the M1