[webkit-dev] Implementing Universal Second Factor (U2F)

Jacob Greenfield xales at naveria.com
Thu Feb 23 08:06:49 PST 2017


In that case, I agree that it does not make much sense to implement the FIDO U2F API.

I would definitely be interested in working on Web Authentication for WebKit. Rick - I think collaborating with people working on Chromium and Edge would be great.

Thanks!

- Jacob Greenfield

> On Feb 22, 2017, at 18:13, Rick Byers <rbyers at chromium.org> wrote:
> 
> As I understand, there's active development going on in both chromium and Edge for Web Authentication right now.  I'm sure those folks would love to collaborate with someone working in WebKit (and I'm happy to make introductions).
> 
>> On Wed, Feb 22, 2017 at 6:08 PM, Sam Weinig <weinig at apple.com> wrote:
>> 
>>> On Feb 22, 2017, at 1:22 PM, Ryosuke Niwa <rniwa at webkit.org> wrote:
>>> 
>>>> On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <rbyers at chromium.org> wrote:
>>>> Chrome ships with a built-in extension that exposes the high-level API (which I think we all agree is a hack).  We recently had this discussion about the right path forward here, and agreed that we should instead focus our efforts on the Web Authentication API instead, since it seemed much more likely to be something that would become interoperable between browsers.
>>> 
>>> Boris's comment in the referenced thread makes me think that we should just implement https://w3c.github.io/webauthn/ if any:
>>> 
>>>> 1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a pref so people 
>>>> can experiment with it. 
>>>> 2) [Gecko/Firefox] plan to ship the API being developed at 
>>>> https://w3c.github.io/webauthn/ once it stabilizes. 
>>>> > 3) [Gecko/Firefox] have no plans to ship the FIDO U2F API, now or in the future. 
>>> 
>>> As such, I don't think we should be implementing FIDO U2F API on trunk.
>>> 
>>> - R. Niwa
>>> 
>> 
>> Given that data, I agree with Ryosuke, and adding an implementing of the FIDO U2F API doesn’t seem like a great fit for WebKit.
>> 
>> That said, Jacob, do you have any interest in working on an implementation of the Web Authentication specification?
>> 
>> - Sam
>>  
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20170223/3ed97a45/attachment.html>


More information about the webkit-dev mailing list