Adds support for the WebAuthn largeBlob client authenticator extension. This extension allows relying parties to store opaque data associated with a credential.
Low. This is a new feature that is already part of the editor's draft [1] for WebAuthn.
[1] https://w3c.github.io/webauthn/#sctn-large-blob-extension
WebAuthn is already an asynchronous API with a "long" time to get a response (on the order of seconds), since it needs user interaction. Adding this feature will not impact the "normal" WebAuthn flow. For relying parties (i.e. websites) that use it, it won't significantly affect performance.
This feature can't be polyfilled since it relies on hardware support. Effectively, the feature only exposes three methods as parameters on WebAuthn request options: querying for support, writing blobs, and reading blobs. Integration with existing frameworks that exercise WebAuthn should be straightforward.
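The three operations described above, as an added JavaScript example (not Chromium or specification code): helpers that build the request options, enforce the extension's input constraints from the WebAuthn draft before the user is prompted, and interpret the extension result. The helper names are hypothetical.

```javascript
// Added example: helpers for the three largeBlob operations (support query, read, write).
// Function names and all sample values are hypothetical, not Chromium code.

// Registration: ask whether the new credential can store a large blob.
function withLargeBlobSupport(createOptions, support = "preferred") {
  if (support !== "preferred" && support !== "required") {
    throw new TypeError("support must be 'preferred' or 'required'");
  }
  return { ...createOptions, extensions: { ...createOptions.extensions, largeBlob: { support } } };
}

// Assertion: request a read or a write, checked before any user prompt.
function withLargeBlobOp(getOptions, op) {
  if ("support" in op) throw new TypeError("'support' is only valid at registration");
  const wantsRead = op.read === true;
  const wantsWrite = op.write !== undefined;
  // The spec rejects read+write together; requiring one of them is this helper's choice.
  if (wantsRead === wantsWrite) throw new TypeError("specify exactly one of read or write");
  if (wantsWrite) {
    if (!(op.write instanceof ArrayBuffer) && !ArrayBuffer.isView(op.write)) {
      throw new TypeError("write must be a BufferSource");
    }
    // A write must name the single credential the blob belongs to.
    if ((getOptions.allowCredentials || []).length !== 1) {
      throw new TypeError("write requires exactly one allowCredentials entry");
    }
  }
  const largeBlob = wantsRead ? { read: true } : { write: op.write };
  return { ...getOptions, extensions: { ...getOptions.extensions, largeBlob } };
}

// Normalise getClientExtensionResults() so callers handle absence explicitly.
function interpretLargeBlob(results) {
  const lb = results && results.largeBlob;
  if (!lb) return { kind: "ignored" }; // client or authenticator did not process the extension
  if ("supported" in lb) return { kind: "support", ok: lb.supported === true };
  if ("written" in lb) return { kind: "write", ok: lb.written === true };
  return { kind: "read", ok: lb.blob !== undefined, blob: lb.blob ?? null };
}

// Browser-only usage (not run here): read the blob for one credential.
async function readBlob(publicKey) {
  const cred = await navigator.credentials.get({ publicKey: withLargeBlobOp(publicKey, { read: true }) });
  return interpretLargeBlob(cred.getClientExtensionResults());
}
```

Because a platform that does not implement the extension returns no `largeBlob` result at all, callers should branch on the `ignored` case rather than assume a write succeeded.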
The implementation requires compressing and decompressing arbitrary data. This is done in the data decoder service [1], which runs in a sandboxed process. This implementation feature was security-reviewed [2].
[1] https://source.chromium.org/chromium/chromium/src/+/master:services/data_decoder/gzipper.h
[2] https://chromium-review.googlesource.com/c/chromium/src/+/2464011
We are planning to slowly introduce this feature into the ecosystem to gather feedback.
None
Developers can use the DevTools WebAuthn tab to debug this feature. https://developers.google.com/web/tools/chrome-devtools/webauthn
This feature will be supported on macOS, Linux, Windows versions earlier than 10 19H1, and Chrome OS. Windows 10 19H1 and later blocks access to authenticators through low-level APIs and relies on a high-level API that does not support this feature at the moment. Similarly, the Android WebAuthn implementation relies on a higher-level API that does not support this feature.