FIDO2 and AppID Facets


Shane Weeden

Oct 29, 2018, 6:56:57 AM
to FIDO Dev (fido-dev)
I noticed that WebAuthn and FIDO2 make no reference to the facets spec (https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html) and that only U2F & UAF seem to be referenced.

Is there ever any intent for a set of collaborating services (e.g. branded websites from the same company with different DNS domains) supporting WebAuthn to be able to support the same registration from multiple origins?

I have a reasonable understanding of the current processing guidelines around same-origin-with-ancestors, but wondered if there was any specific reason (maybe privacy concerns for the user) for abandoning the facets approach.

I guess one approach is to have a common IDP/OP and register via WebAuthn there, then do federation to all the other branded sites; however, this impacts the UX.

Thanks,
Shane.


Rolf Lindemann

Oct 29, 2018, 7:52:02 AM
to Shane Weeden, FIDO Dev (fido-dev)

Hi Shane,

> I noticed that WebAuthn and FIDO2 make no reference to the facets spec (https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html) and that only U2F & UAF seem to be referenced.

That is correct. In FIDO2/Web Authentication we leave the AppID/FacetID mapping task to the platform.

See here for an example of how Android maps apps to web sites: https://developers.google.com/identity/smartlock-passwords/android/associate-apps-and-sites.

> I guess one approach is to have a common IDP/OP and register via WebAuthn there, then do federation to all the other branded sites

Yes, that is the current way to do it.

There was a proposal made to use Feature Policy for that purpose, see https://github.com/w3c/webauthn/issues/374#issuecomment-291761341.

But for the immediate future the federation approach is the way to handle such a case.

Kind regards,

   Rolf

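An added example, not part of either poster's message, showing the relying-party-side checks behind the behaviour discussed above: the WebAuthn rule that an RP ID must be the origin's effective domain or a registrable suffix of it (so two brands on different DNS domains cannot share one registration), and the origin check an RP performs on an assertion's clientDataJSON. The public-suffix set, origins, challenge and sample clientDataJSON are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List; a real RP must consult the full list.
PUBLIC_SUFFIXES = {"com", "net", "co.uk"}

def effective_domain(origin: str) -> str:
    """Host of an https origin, e.g. https://login.example.com -> login.example.com."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"unsupported origin: {origin!r}")
    return parts.hostname.lower()

def rp_id_valid_for_origin(rp_id: str, origin: str) -> bool:
    """WebAuthn scoping rule: the RP ID must equal the origin's effective domain or be a
    registrable domain suffix of it. A sibling brand on another DNS domain never passes,
    which is why the thread falls back to federation through one IdP."""
    rp_id = rp_id.lower()
    if rp_id in PUBLIC_SUFFIXES:
        return False  # a bare public suffix would scope the credential to every site under it
    host = effective_domain(origin)
    return host == rp_id or host.endswith("." + rp_id)

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_client_data(client_data_json: bytes, expected_challenge: bytes,
                       allowed_origins: set[str]) -> dict:
    """RP-side checks on clientDataJSON from an assertion: ceremony type, challenge echo,
    and that the reported origin is one this RP actually serves."""
    data = json.loads(client_data_json)
    if data.get("type") != "webauthn.get":
        raise ValueError("not an authentication ceremony")
    if b64url_decode(data.get("challenge", "")) != expected_challenge:
        raise ValueError("challenge mismatch")
    if data.get("origin") not in allowed_origins:
        raise ValueError(f"origin {data.get('origin')!r} is not served by this RP")
    return data

# Constructed sample: an assertion produced on a sibling brand's domain.
CHALLENGE = b"constructed-32-byte-challenge-00"
SAMPLE_CLIENT_DATA = json.dumps({
    "type": "webauthn.get",
    "challenge": base64.urlsafe_b64encode(CHALLENGE).rstrip(b"=").decode(),
    "origin": "https://login.brand-two.example",
}).encode()
```

Presenting SAMPLE_CLIENT_DATA to an RP that only serves https://login.example.com is rejected at the origin check, which is the same boundary that blocks the shared multi-domain registration asked about above.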

Shane Weeden

Oct 29, 2018, 8:52:46 AM
to FIDO Dev (fido-dev), shane....@gmail.com, ro...@noknok.com
Thanks Rolf!