[webkit-dev] Request for position: Support using WebOTP API in cross-origin iframes

Yi Gu yigu at chromium.org
Fri Mar 26 06:03:35 PDT 2021


Dear WebKit folks,

We (Chromium) are adding support to use WebOTP API <http://web.dev/web-otp>in
cross-origin iframes. As part of that we're interested in WebKit opinions
around this API.

In general WebKit and Chromium agree on the SMS format that is used in a
SMS verification process. The specification
<https://wicg.github.io/sms-one-time-codes> editors are from Apple and
Google. On the format front, WebKit raised the initial request
<https://github.com/WICG/sms-one-time-codes/issues/4> of using
sms-one-time-code in nested frames to support third party or a separate
service run by the same party. Cross-origin iframe support was included in
the launch of the declarative API.
<https://developer.apple.com/news/?id=z0i801mg>

The difference is that Chromium uses this SMS format in an imperative API
and that is WebOTP. WebKit's position in this API was "neutral" when we
first launched it in M84. We'd like to get your fresh opinion around this
API and the support in cross-origin iframes.

Some useful links:
Chrome Platform Status
<https://www.chromestatus.com/feature/5679508336148480>
Specification <https://wicg.github.io/web-otp/#sctn-permissions-policy>
Design doc
<https://docs.google.com/document/d/1dR-5-1O3SqAbQCRj_cBaQ7nQD5YlWzExcusmPcO2Xqs/edit?usp=sharing>
TAG <https://github.com/w3ctag/design-reviews/issues/604>

Cheers

Yi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20210326/db6dd5b2/attachment.htm>


More information about the webkit-dev mailing list