[webkit-dev] Implementing Universal Second Factor (U2F)
Rick Byers
rbyers at chromium.org
Wed Feb 22 15:13:35 PST 2017
As I understand, there's active development going on in both chromium and
Edge for Web Authentication right now. I'm sure those folks would love to
collaborate with someone working in WebKit (and I'm happy to make
introductions).
On Wed, Feb 22, 2017 at 6:08 PM, Sam Weinig <weinig at apple.com> wrote:
>
> On Feb 22, 2017, at 1:22 PM, Ryosuke Niwa <rniwa at webkit.org> wrote:
>
> On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <rbyers at chromium.org> wrote:
>
>> Chrome ships with a built-in extension that exposes the high-level API
>> (which I think we all agree is a hack). We recently had this discussion
>> <https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ>
>> about the right path forward here, and agreed that we should instead focus
>> our efforts
>> <https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ>
>> on the Web Authentication API <https://w3c.github.io/webauthn/> instead,
>> since it seemed much more likely to be something that would become
>> interoperable between browsers.
>>
>
> Boris's comment in the referenced thread makes me think that we should
> just implement https://w3c.github.io/webauthn/ if any:
>
> 1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a
>> pref so people
>> can experiment with it.
>> 2) [Gecko/Firefox] plan to ship the API being developed at
>> https://w3c.github.io/webauthn/ once it stabilizes.
>> > 3) [Gecko/Firefox] have no plans to ship the FIDO U2F API, now or in
>> the future.
>
>
> As such, I don't think we should be implementing FIDO U2F API on trunk.
>
> - R. Niwa
>
>
> Given that data, I agree with Ryosuke, and adding an implementing of the
> FIDO U2F API doesn’t seem like a great fit for WebKit.
>
> That said, Jacob, do you have any interest in working on an implementation
> of the Web Authentication specification?
>
> - Sam
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20170222/bbdb7d83/attachment.html>
More information about the webkit-dev
mailing list