[Webkit-unassigned] [Bug 217929] New: Feature Request: Ability to store secrets protected by Face ID and Touch ID
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 19 16:30:58 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217929
Bug ID: 217929
Summary: Feature Request: Ability to store secrets protected by
Face ID and Touch ID
Product: WebKit
Version: Safari 14
Hardware: All
OS: All
Status: NEW
Severity: Enhancement
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rob at agilebits.com
This article sparked some chatter here at 1Password: https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/. I've been anticipating this capability for a while and am excited it's here. I'd love to see the WebKit team take biometry one step further.
At 1Password, "signing in" is not just authentication. We need to derive an encryption key to decrypt your secrets. In the native apps, we've been able to unlock using just Face ID or Touch ID because of the access to the device's keychain. But at this point, Face ID and Touch ID on the web are restricted to authentication only, WebAuthn specifically.
We'd be very interested in seeing a biometry API that afforded decryption capabilities. A basic implementation might be something like a domain-scoped keychain where a secret could be stored and retrieved. Or perhaps just an API that would allow encrypting and decrypting, and the data could be stored in local storage or on a server.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201019/499a0470/attachment.htm>
More information about the webkit-unassigned
mailing list