Websites can and do get credentials from mobile wallet apps through a variety of mechanisms today (custom URL handlers, QR code scanning, etc.). This Web Platform feature would allow sites to request identity information from wallets via Android's IdentityCredential CredMan system. It is extensible to support multiple credential formats (eg. ISO mDoc and W3C verifiable credential) and allows multiple wallet apps to be used. Mechanisms are being added to help reduce the risk of ecosystem-scale abuse of real-world identity (see https://docs.google.com/document/u/1/d/1L68tmNXCQXucsCV8eS8CBd_F9FZ6TNwKNOaFkA8RfwI/edit).
There are multiple standards efforts involved here. We have been working with WebKit and Mozilla in the WICG on defining this specific API. But the greater interoperability risk will come from the data that is sent and returned via this API. Details of that are still in discussions but mostly driven outside the web browser community in the OpenID Foundation (eg. OpenID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) and ISO (18013-7 "mdoc": https://www.iso.org/standard/82772.html)
There's a possibility that these credentials will be used alongside other types of credentials in the future - such as optionally minting a passkey when a digital credential is used to sign up for a site, or by allowing sign-up with either a digital credential or a federated credential via FedCM. As such we argued it was best to put this work in the context of the Credential Management API, and hence the support is added in 'navigator.identity.get() API .
The primary activation concern is enabling existing deployments using technology like OpenID4VP to be able to also support this API. As such we have left the request protocol unspecified at this layer, to be specified along with existing request protocols to maximize activation opportunity.
See https://github.com/WICG/digital-credentials/blob/main/horizontal-reviews/security-privacy.md and https://github.com/WICG/digital-credentials/issues/115
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
I'd like to request permission to extend an OT for this API. The experiment has been running for Android only so far, but in the meanwhile: 1- There has been progress on the spec https://wicg.github.io/digital-credentials/ and it is expected to graduate to the FedID WG soon. 2- We have added Desktop cross-device support. Therefore, we are requesting the extension.
None
None necessary - just new JS API. For testing we may want to add a developer option to provide a fake wallet (as for the devtools fake authenticator for WebAuthn), but this is not urgent.
Android and Desktop Only
https://wpt.fyi/results/digital-credentials?label=master&label=experimental&aligned
Origin trial desktop first | 134 |
Origin trial desktop last | 139 |
Origin trial extension 1 end milestone | 139 |
Origin trial Android first | 128 |
Origin trial Android last | 133 |
DevTrial on Android | 119 |
Hi Sam,
Can you clarify what milestones you're requesting the extension
for? Is it 134 to 139?
I see evidence of substantial progress which is great, but an OT can only be renewed for up to 3 milestones.
thanks,
Mike
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6786814c.2b0a0220.1b83ac.051d.GAE%40google.com.
Thanks - LGTM to extend from M134 to M136.
Hi Mike,
Thank you for the prompt response, and I am sorry for the confusion, I thought an extension for up to 6 milestones is possible.
The OT expires in 133, so I would like to extend it to 136.
Thank you,Mohamed
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.