[webkit-dev] Request for position: WebAuthn support for credBlob and minimum PIN length

Adam Langley agl at chromium.org
Wed Mar 24 11:43:46 PDT 2021


Dear WebKit folks,

We (Chromium) are fleshing out our support for WebAuthn Level Two
<https://www.w3.org/TR/webauthn/> and CTAP 2.1
<https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html>
(the corresponding protocol between devices and security keys).

As part of that we're interested in any WebKit opinions about the following:


CTAP 2.1 credBlob extension
<https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credBlob-extension>
(Intent thread
<https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/Vp0h8i5VBQAJ>,
platform status entry <https://chromestatus.com/feature/5541178411843584>):

This is a bytestring stored by the authenticator, just like the user
handle, but a separate value. Microsoft plan to use it in mixed web/native
contexts to store the hash of some externally-provided information in order
to authenticate it.

(This only involves an IDL change in Chromium due to the way that we
implemented authenticator extensions; it might not need code changes in
WebKit.)


Minimum PIN lengths
<https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-feature-descriptions-minPinLength>
(not yet the subject of an Intent to Ship):

This allows enterprises to configure a minimum PIN length greater than the
default value of four. It also involves an extension
<https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-minpinlength-extension>
to report, to the enterprise, what minimum is in effect. The extension will
involve IDL changes in Chromium for the same reason, and our PIN-related
management UIs would have to be updated to respect the configured minimum.


Cheers

AGL
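
Added example, not part of the original message and not Chromium or WebKit code: a relying-party sketch of the credBlob flow described above, storing a digest at registration and checking it at sign-in. The helper names and the sample digest are hypothetical; the extension keys (credBlob, getCredBlob) are the ones defined in the CTAP 2.1 credBlob section linked in the message.

```javascript
// Hypothetical helpers for the CTAP 2.1 credBlob extension (added example).
const MAX_CRED_BLOB = 32; // CTAP 2.1 authenticators support at least 32 bytes

// Extension inputs for navigator.credentials.create(): ask the authenticator
// to store `digest` (e.g. a SHA-256 hash of the external data) with the credential.
function buildCreateExtensions(digest) {
  if (!(digest instanceof Uint8Array) || digest.length === 0 ||
      digest.length > MAX_CRED_BLOB) {
    throw new RangeError(`credBlob must be 1..${MAX_CRED_BLOB} bytes`);
  }
  return { credBlob: digest.slice().buffer };
}

// After create(): `results` is credential.getClientExtensionResults().
// Only an explicit `true` means the blob was stored; an authenticator or
// browser without credBlob support omits the key or reports false.
function credBlobStored(results) {
  return results != null && results.credBlob === true;
}

// Extension inputs for navigator.credentials.get(): request the stored blob.
function buildGetExtensions() {
  return { getCredBlob: true };
}

// After get(): compare the returned blob with the digest recomputed locally.
// Returns "match", "mismatch", or "absent" (no blob stored or no support).
function verifyCredBlob(results, expectedDigest) {
  const blob = results && results.getCredBlob;
  if (!(blob instanceof ArrayBuffer) || blob.byteLength === 0) return "absent";
  const got = new Uint8Array(blob);
  if (got.length !== expectedDigest.length) return "mismatch";
  let diff = 0; // accumulate differences instead of returning early
  for (let i = 0; i < got.length; i++) diff |= got[i] ^ expectedDigest[i];
  return diff === 0 ? "match" : "mismatch";
}

// Constructed sample digest (bytes 0..31), standing in for a real hash.
const sampleDigest = Uint8Array.from({ length: 32 }, (_, i) => i);
```

Client extension results are not covered by the assertion signature; a relying party that needs integrity for the blob reads the same value from the extensions in the authenticator data it has verified server-side.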