[webkit-dev] Implementing Universal Second Factor (U2F)

[Sam Weinig]

> On Feb 22, 2017, at 1:22 PM, Ryosuke Niwa <rniwa at webkit.org> wrote:
> 
> On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <rbyers at chromium.org <mailto:rbyers at chromium.org>> wrote:
> Chrome ships with a built-in extension that exposes the high-level API (which I think we all agree is a hack).  We recently had this discussion <https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ> about the right path forward here, and agreed that we should instead focus our efforts <https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ> on the Web Authentication API <https://w3c.github.io/webauthn/> instead, since it seemed much more likely to be something that would become interoperable between browsers.
> 
> Boris's comment in the referenced thread makes me think that we should just implement https://w3c.github.io/webauthn/ <https://w3c.github.io/webauthn/> if any:
> 
> 1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a pref so people 
> can experiment with it. 
> 2) [Gecko/Firefox] plan to ship the API being developed at 
> https://w3c.github.io/webauthn/ <https://w3c.github.io/webauthn/> once it stabilizes. 
> > 3) [Gecko/Firefox] have no plans to ship the FIDO U2F API, now or in the future. 
> 
> As such, I don't think we should be implementing FIDO U2F API on trunk.
> 
> - R. Niwa
> 

Given that data, I agree with Ryosuke, and adding an implementing of the FIDO U2F API doesn’t seem like a great fit for WebKit.

That said, Jacob, do you have any interest in working on an implementation of the Web Authentication specification?

- Sam
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20170222/05fb8de6/attachment.html>