Intent to Implement and Ship: WebAuthn getPublicKey[Algorithm]() and getAuthenticatorData()

Adam Langley

unread,

May 26, 2020, 1:25:13 PM5/26/20

to blink-dev

(This is exactly the same as this thread from 10 minutes ago, but now with the previously missing first letter of "Intent" in the subject, so that scripts will notice it.)

Contact emails a...@chromium.org Explainer https://w3c.github.io/webauthn/#sctn-public-key-easy Design docs/spec Specification: https://w3c.github.io/webauthn/#sctn-public-key-easy TAG review No. Only minor API change. Summary The draft of WebAuthn level two includes accessors that save sites from having to parse CBOR and COSE in order to use security keys. This status entry covers implementation of these accessors in Chromium. Motivation CBOR and COSE are somewhat obscure at this time and there's no need for most sites to have to worry about them as the browser is capable of translating them into more standard formats. Risks

Interoperability and Compatibility
Only new functions getting added.

Firefox: Public support (https://github.com/w3c/webauthn/pull/1395)

(J.C. reviewed spec PR.)

Edge: No public signals
Safari: No public signals
Web developers: No signals

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Android support will come later. Android WebView does not support security key interactions due to the need to authenticate the calling site.

Is this feature fully tested by web-platform-tests?

Yes WPT included in CL: https://chromium-review.googlesource.com/c/chromium/src/+/2204087 Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1083301 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5102556109864960

Mike West

unread,

May 28, 2020, 3:15:49 PM5/28/20

to blink-dev

LGTM1.

(Note: We should add a CBOR parser to the web at some point. :) )

-mike

Chris Harrelson

unread,

May 28, 2020, 3:16:55 PM5/28/20

to Mike West, blink-dev

LGTM2

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d1e2c796-f35a-4b68-be22-9dabc60177bf%40chromium.org.

sligh...@chromium.org

unread,

May 28, 2020, 3:23:39 PM5/28/20

to blink-dev, mk...@chromium.org

LGTM3 with a hearty second to Mike's point. I'd very much like to see a modern CBOR parser/serializer in the platform given how it's use seems to be proliferating.

Regards

LGTM2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Reply all

Reply to author

Forward