<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div></div><div>In that case, I agree that it does not make much sense to implement the FIDO U2F API.</div><div><br></div><div>I would definitely be interested in working on Web Authentication for WebKit. Rick - I think collaborating with people working on Chromium and Edge would be great.</div><div><br></div><div>Thanks!</div><div><br></div><div>- Jacob Greenfield</div><div><br>On Feb 22, 2017, at 18:13, Rick Byers &lt;<a href="mailto:rbyers@chromium.org">rbyers@chromium.org</a>&gt; wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">As I understand, there's active development going on in both chromium and Edge for Web Authentication right now.&nbsp; I'm sure those folks would love to collaborate with someone working in WebKit (and I'm happy to make introductions).</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 22, 2017 at 6:08 PM, Sam Weinig <span dir="ltr">&lt;<a href="mailto:weinig@apple.com" target="_blank">weinig@apple.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div class="h5"><br><div><blockquote type="cite"><div>On Feb 22, 2017, at 1:22 PM, Ryosuke Niwa &lt;<a href="mailto:rniwa@webkit.org" target="_blank">rniwa@webkit.org</a>&gt; wrote:</div><br class="m_-9105233053174353009Apple-interchange-newline"><div><div dir="ltr">On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <span dir="ltr">&lt;<a href="mailto:rbyers@chromium.org" target="_blank">rbyers@chromium.org</a>&gt;</span> wrote:<br><div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Chrome ships with a built-in extension that exposes the high-level API (which I think we all agree is a hack).&nbsp; We recently had <a href="https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ" target="_blank">this discussion</a> about the right path forward here, and agreed that we should instead <a href="https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ" target="_blank">focus our efforts</a> on the <a href="https://w3c.github.io/webauthn/" target="_blank">Web Authentication API</a>&nbsp;instead, since it seemed much more likely to be something that would become interoperable between browsers.</div></blockquote><div><br></div><div>Boris's comment in the referenced thread&nbsp;<span style="font-family:arial,helvetica,sans-serif">makes me think that we should just implement&nbsp;<a href="https://w3c.github.io/webauthn/" target="_blank">https://w3c.github.<wbr>io/webauthn/</a> if any:</span><div><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span style="font-family:arial,helvetica,sans-serif;font-size:13px">1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a pref so people&nbsp;<br></span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">can experiment with it.&nbsp;</span><br style="font-family:arial,helvetica,sans-serif;font-size:13px"><span style="font-family:arial,helvetica,sans-serif;font-size:13px">2)&nbsp;</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">[Gecko/Firefox]</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">&nbsp;plan to ship the API being developed at&nbsp;<br></span><a href="https://w3c.github.io/webauthn/" rel="nofollow" style="color:rgb(102,17,204);margin:0px;padding:0px;border:0px;text-decoration:none;font-family:arial,helvetica,sans-serif;font-size:13px" target="_blank">https://w3c.github.io/webauthn<wbr>/</a><span style="font-family:arial,helvetica,sans-serif;font-size:13px">&nbsp;once it stabilizes.&nbsp;</span><br style="font-family:arial,helvetica,sans-serif;font-size:13px"><span style="font-family:arial,helvetica,sans-serif;font-size:13px">&gt; 3)&nbsp;</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">[Gecko/Firefox]</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">&nbsp;have no plans to ship the FIDO U2F API, now or in the future.&nbsp;</span></blockquote><div><br></div><div>As such, I don't think we should be implementing FIDO U2F API on trunk.</div><div><br></div><div class="gmail_extra"><div class="m_-9105233053174353009gmail_signature">- R. Niwa</div><div class="m_-9105233053174353009gmail_signature"><br></div></div></div></div></div></div></div></div>
</div></blockquote></div><br></div></div><div>Given that data, I agree with Ryosuke, and adding an implementing of the FIDO&nbsp;<font face="arial, helvetica, sans-serif" size="2">U2F API doesn’t seem&nbsp;like a great fit for WebKit.</font></div><div><font face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font face="arial, helvetica, sans-serif" size="2">That said, Jacob, do you have any interest in working on an&nbsp;implementation of the&nbsp;Web Authentication&nbsp;specification?</font></div><span class="HOEnZb"><font color="#888888"><div><font face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font face="arial, helvetica, sans-serif" size="2">- Sam</font></div><div>&nbsp;</div></font></span></div></blockquote></div><br></div>
</div></blockquote></body></html>