[Webkit-unassigned] [Bug 217929] New: Feature Request: Ability to store secrets protected by Face ID and Touch ID

Mon Oct 19 16:30:58 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=217929

            Bug ID: 217929
           Summary: Feature Request: Ability to store secrets protected by
                    Face ID and Touch ID
           Product: WebKit
           Version: Safari 14
          Hardware: All
                OS: All
            Status: NEW
          Severity: Enhancement
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rob at agilebits.com

This article sparked some chatter here at 1Password: https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/. I've been anticipating this capability for a while and am excited it's here. I'd love to see the WebKit team take biometry one step further.

At 1Password, "signing in" is not just authentication. We need to derive an encryption key to decrypt your secrets. In the native apps, we've been able to unlock using just Face ID or Touch ID because of the access to the device's keychain. But at this point, Face ID and Touch ID on the web are restricted to authentication only, WebAuthn specifically.

We'd be very interested in seeing a biometry API that afforded decryption capabilities. A basic implementation might be something like a domain-scoped keychain where a secret could be stored and retrieved. Or perhaps just an API that would allow encrypting and decrypting, and the data could be stored in local storage or on a server.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201019/499a0470/attachment.htm>