<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div></div><div>In that case, I agree that it does not make much sense to implement the FIDO U2F API.</div><div><br></div><div>I would definitely be interested in working on Web Authentication for WebKit. Rick - I think collaborating with people working on Chromium and Edge would be great.</div><div><br></div><div>Thanks!</div><div><br></div><div>- Jacob Greenfield</div><div><br>On Feb 22, 2017, at 18:13, Rick Byers <<a href="mailto:rbyers@chromium.org">rbyers@chromium.org</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">As I understand, there's active development going on in both chromium and Edge for Web Authentication right now. I'm sure those folks would love to collaborate with someone working in WebKit (and I'm happy to make introductions).</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 22, 2017 at 6:08 PM, Sam Weinig <span dir="ltr"><<a href="mailto:weinig@apple.com" target="_blank">weinig@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div class="h5"><br><div><blockquote type="cite"><div>On Feb 22, 2017, at 1:22 PM, Ryosuke Niwa <<a href="mailto:rniwa@webkit.org" target="_blank">rniwa@webkit.org</a>> wrote:</div><br class="m_-9105233053174353009Apple-interchange-newline"><div><div dir="ltr">On Wed, Feb 22, 2017 at 12:56 PM, Rick Byers <span dir="ltr"><<a href="mailto:rbyers@chromium.org" target="_blank">rbyers@chromium.org</a>></span> wrote:<br><div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Chrome ships with a built-in extension that exposes the high-level API (which I think we all agree is a hack). We recently had <a href="https://groups.google.com/a/chromium.org/d/msg/blink-dev/wfIVkXvQ7kQ/VfuOr_FhBwAJ" target="_blank">this discussion</a> about the right path forward here, and agreed that we should instead <a href="https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/u2f%7Csort:relevance/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ" target="_blank">focus our efforts</a> on the <a href="https://w3c.github.io/webauthn/" target="_blank">Web Authentication API</a> instead, since it seemed much more likely to be something that would become interoperable between browsers.</div></blockquote><div><br></div><div>Boris's comment in the referenced thread <span style="font-family:arial,helvetica,sans-serif">makes me think that we should just implement <a href="https://w3c.github.io/webauthn/" target="_blank">https://w3c.github.<wbr>io/webauthn/</a> if any:</span><div><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span style="font-family:arial,helvetica,sans-serif;font-size:13px">1) [Gecko/Firefox] have an implementation of the FIDO U2F API behind a pref so people <br></span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">can experiment with it. </span><br style="font-family:arial,helvetica,sans-serif;font-size:13px"><span style="font-family:arial,helvetica,sans-serif;font-size:13px">2) </span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">[Gecko/Firefox]</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px"> plan to ship the API being developed at <br></span><a href="https://w3c.github.io/webauthn/" rel="nofollow" style="color:rgb(102,17,204);margin:0px;padding:0px;border:0px;text-decoration:none;font-family:arial,helvetica,sans-serif;font-size:13px" target="_blank">https://w3c.github.io/webauthn<wbr>/</a><span style="font-family:arial,helvetica,sans-serif;font-size:13px"> once it stabilizes. </span><br style="font-family:arial,helvetica,sans-serif;font-size:13px"><span style="font-family:arial,helvetica,sans-serif;font-size:13px">> 3) </span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">[Gecko/Firefox]</span><span style="font-family:arial,helvetica,sans-serif;font-size:13px"> have no plans to ship the FIDO U2F API, now or in the future. </span></blockquote><div><br></div><div>As such, I don't think we should be implementing FIDO U2F API on trunk.</div><div><br></div><div class="gmail_extra"><div class="m_-9105233053174353009gmail_signature">- R. Niwa</div><div class="m_-9105233053174353009gmail_signature"><br></div></div></div></div></div></div></div></div>
</div></blockquote></div><br></div></div><div>Given that data, I agree with Ryosuke, and adding an implementing of the FIDO <font face="arial, helvetica, sans-serif" size="2">U2F API doesn’t seem like a great fit for WebKit.</font></div><div><font face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font face="arial, helvetica, sans-serif" size="2">That said, Jacob, do you have any interest in working on an implementation of the Web Authentication specification?</font></div><span class="HOEnZb"><font color="#888888"><div><font face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font face="arial, helvetica, sans-serif" size="2">- Sam</font></div><div> </div></font></span></div></blockquote></div><br></div>
</div></blockquote></body></html>