Hi Emanuele,
My feeling is that RPs will transition from FIDO as a second factor,
i.e. username + password + test of user presence, to FIDO as a strong
authentication, i.e. username + device passphrase, for roaming
authenticators alongside username-less for platform authenticators. This
way, RPs can change their authentication flow step by steps without ever
requiring the user to register again their FIDO devices.
Resident keys only enables username-less authentication. You do not need
it at all for passwordless authentication. Also you can still have
multiple accounts per device without resident keys just like U2F did.
Resident keys will be useful for platform authenticator and bring a
really fluid authentication flow. But roaming authenticators will still
have a low limit of the total number of resident credentials it can hold
to the point I believe it won't be really practical: it will be limited
to enterprise usage like logging in on a device. I assume that RPs will
have to support both username and username-less authentication flows.
On the side of browsers, by the end of next month, all major browsers on
Windows 10, Edge, Chrome and Firefox, will support the WebAuthn API
provided by Windows 10 1809 and higher. As a result, all of them should
support resident keys at the same time. It is also my understanding that
Google had partially working code for resident keys, but it is currently
too buggy and deactivated.
Best regards,
> <mailto:
emanuel...@gmail.com>>
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
fido-dev+u...@fidoalliance.org
> <mailto:
fido-dev+u...@fidoalliance.org>.
> To post to this group, send email to
fido...@fidoalliance.org
> <mailto:
fido...@fidoalliance.org>.
> Visit this group at
>
https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
> To view this discussion on the web visit
>
https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/FB352146-0D64-4185-8C8A-307D56F9AB84%40gmail.com
> <
https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/FB352146-0D64-4185-8C8A-307D56F9AB84%40gmail.com?utm_medium=email&utm_source=footer>.
--
Thomas Duboucher