<div dir="ltr">Chrome ships with a built-in extension that exposes the high-level API (which I think we all agree is a hack). We recently had <a href="https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ">this discussion</a> about the right path forward here, and agreed that we should <a href="https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ">focus our efforts</a> on the <a href="https://w3c.github.io/webauthn/">Web Authentication API</a> instead, since it seemed much more likely to be something that would become interoperable between browsers.<div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 22, 2017 at 3:46 PM, Sam Weinig <span dir="ltr">&lt;<a href="mailto:weinig@apple.com" target="_blank">weinig@apple.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><span class=""><br><div><blockquote type="cite"><div>On Feb 22, 2017, at 5:52 AM, Jacob Greenfield &lt;<a href="mailto:xales@naveria.com" target="_blank">xales@naveria.com</a>&gt; wrote:</div><br class="m_8510688780965587118Apple-interchange-newline"><div><div>I’m working on adding support to WebKit for FIDO U2F (JS API: <a href="https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html" target="_blank">https://fidoalliance.org/<wbr>specs/fido-u2f-v1.1-id-<wbr>20160915/fido-u2f-javascript-<wbr>api-v1.1-id-20160915.html</a> Architecture overview: <a href="https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html" target="_blank">https://fidoalliance.org/<wbr>specs/fido-u2f-v1.1-id-<wbr>20160915/fido-u2f-overview-v1.<wbr>1-id-20160915.html</a> ). 
The FIDO U2F specification allows a secure second factor to be used during authentication flow, with bidirectional verification (token verifies server, server verifies token and token’s knowledge of a specific private key). There are current implementations in Chrome, Opera, and Blink (Firefox). I’m primarily interested in bringing support to Safari, so that is the focus of what I am currently working on.<br></div></div></blockquote><div><br></div></div></span><div>Hi Jacob, and welcome to WebKit.</div><div><br></div><div>I went looking for how to use the feature in Chrome and Firefox (I assume you meant Gecko (Firefox), not Blink (Firefox)), and I’m a little confused as to how this feature is exposed in the other browsers. On the topic of the low-level MessagePort API, section 3 states “This specification does not describe how such a port is made available to RP web pages, as this is (for now) implementation and browser dependent” (<a href="https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#api-levels" target="_blank">https://fidoalliance.org/<wbr>specs/fido-u2f-v1.1-id-<wbr>20160915/fido-u2f-javascript-<wbr>api-v1.1-id-20160915.html#api-<wbr>levels</a>). Similarly, for the high-level API, it states in section 3.2, “Implementations may choose how to make such an API available to RP web pages. If such an API is provided, it should provide a namespace object u2f of the following interface” (<a href="https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#high-level-javascript-api" target="_blank">https://fidoalliance.org/<wbr>specs/fido-u2f-v1.1-id-<wbr>20160915/fido-u2f-javascript-<wbr>api-v1.1-id-20160915.html#<wbr>high-level-javascript-api</a>).</div><div><br></div><div>Do you have insight into how either of these APIs is exposed in other browsers? 
How do you plan on exposing them in WebKit?</div><div><br></div><div>I should say, generally, I am concerned with APIs that leave important details like how the APIs are exposed to the implementation, as they lead to non-interoperable implementations. </div><div><br></div><div>Thanks,</div><div>- Sam</div><div><br></div></div><br>
<br></blockquote></div><br></div>