<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="" applecontenteditable="true"><br class=""><div><blockquote type="cite" class=""><div class="">On Feb 22, 2017, at 1:22 PM, Ryosuke Niwa <<a href="mailto:rniwa@webkit.org" class="">rniwa@webkit.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <span dir="ltr" class=""><<a href="mailto:rbyers@chromium.org" target="_blank" class="">rbyers@chromium.org</a>></span> wrote:<br class=""><div class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr" class="">Chrome ships with a built-in extension that exposes the high-level API (which I think we all agree is a hack). We recently had <a href="https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ" target="_blank" class="">this discussion</a> about the right path forward here, and agreed that we should instead <a href="https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ" target="_blank" class="">focus our efforts</a> on the <a href="https://w3c.github.io/webauthn/" target="_blank" class="">Web Authentication API</a> instead, since it seemed much more likely to be something that would become interoperable between browsers.</div></blockquote><div class=""><br class=""></div><div class="">Boris's comment in the referenced thread <span style="font-family:arial,helvetica,sans-serif" class="">makes me think that we should just implement <a href="https://w3c.github.io/webauthn/" class="">https://w3c.github.io/webauthn/</a> if any:</span><div class=""><br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class="">1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a pref so people <br class=""></span><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class="">can experiment with it. </span><br style="font-family:arial,helvetica,sans-serif;font-size:13px" class=""><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class="">2) </span><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class="">[Gecko/Firefox]</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class=""> plan to ship the API being developed at <br class=""></span><a href="https://w3c.github.io/webauthn/" target="_blank" rel="nofollow" style="color:rgb(102,17,204);margin:0px;padding:0px;border:0px;text-decoration:none;font-family:arial,helvetica,sans-serif;font-size:13px" class="">https://w3c.github.io/<wbr class="">webauthn/</a><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class=""> once it stabilizes. </span><br style="font-family:arial,helvetica,sans-serif;font-size:13px" class=""><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class="">> 3) </span><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class="">[Gecko/Firefox]</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px" class=""> have no plans to ship the FIDO U2F API, now or in the future. </span></blockquote><div class=""><br class=""></div><div class="">As such, I don't think we should be implementing FIDO U2F API on trunk.</div><div class=""><br class=""></div><div class="gmail_extra"><div class="gmail_signature">- R. Niwa</div><div class="gmail_signature"><br class=""></div></div></div></div></div></div></div></div>
</div></blockquote></div><br class=""><div class="">Given that data, I agree with Ryosuke, and adding an implementing of the FIDO <font face="arial, helvetica, sans-serif" size="2" class="">U2F API doesn’t seem like a great fit for WebKit.</font></div><div class=""><font face="arial, helvetica, sans-serif" size="2" class=""><br class=""></font></div><div class=""><font face="arial, helvetica, sans-serif" size="2" class="">That said, Jacob, do you have any interest in working on an implementation of the Web Authentication specification?</font></div><div class=""><font face="arial, helvetica, sans-serif" size="2" class=""><br class=""></font></div><div class=""><font face="arial, helvetica, sans-serif" size="2" class="">- Sam</font></div><div class=""> </div></body></html>