[webkit-dev] Implementing Universal Second Factor (U2F)

Ryosuke Niwa rniwa at webkit.org
Wed Feb 22 13:22:21 PST 2017

On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <rbyers at chromium.org> wrote:

> Chrome ships with a built-in extension that exposes the high-level API
> (which I think we all agree is a hack).  We recently had this discussion
> <https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ>
> about the right path forward here, and agreed that we should instead focus
> our efforts
> <https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ>
> on the Web Authentication API <https://w3c.github.io/webauthn/> instead,
> since it seemed much more likely to be something that would become
> interoperable between browsers.

Boris's comment in the referenced thread makes me think that we should just
implement https://w3c.github.io/webauthn/ if any:

1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a pref
> so people
> can experiment with it.
> 2) [Gecko/Firefox] plan to ship the API being developed at
> https://w3c.github.io/webauthn/ once it stabilizes.
> > 3) [Gecko/Firefox] have no plans to ship the FIDO U2F API, now or in
> the future.

As such, I don't think we should be implementing FIDO U2F API on trunk.

- R. Niwa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20170222/4b69bf9f/attachment.html>

More information about the webkit-dev mailing list