Intent to Ship: Web Authentication

1249 views
Skip to first unread message

J.C. Jones

unread,
Dec 5, 2017, 3:45:17 PM12/5/17
to dev-pl...@lists.mozilla.org, Taubert, Tim
Summary: Support public key cryptographic authentication devices
through Web Authentication.

Web Authentication is backward compatible with FIDO U2F second-factor
tokens, and also supports more advanced capabilities in future FIDO
2.0 devices. We intend to ship support for USB-connected FIDO U2F
devices initially, with other transports and FIDO 2.0 device support
to follow in 2018.

Tracking bug: https://bugzilla.mozilla.org/show_bug.cgi?id=webauthn

Spec: https://www.w3.org/TR/webauthn/

(Note that the latest working draft,
https://www.w3.org/TR/2017/WD-webauthn-20171205/, is considered by the
WG to be feature complete, and no more normative changes are
anticipated.)

Estimated target release: 60

Preference behind which this is implemented:
security.webauth.webauthn

DevTools support:
N/A

Support by other browser engines:
- Blink: In-progress [1]
- Edge: In-progress [2]
- Webkit: No public announcements

Testing:
Mochitests in-tree; https://webauthn.io/; https://webauthn.bin.coffee/
; Web Platform Tests in-progress


Cheers,
J.C. Jones and Tim Taubert

[1] https://www.chromestatus.com/feature/5669923372138496
[2] https://msdn.microsoft.com/en-us/library/mt697638(v=vs.85).aspx

Jonathan Watt

unread,
Dec 6, 2017, 9:23:55 AM12/6/17
to J.C. Jones, dev-pl...@lists.mozilla.org, Taubert, Tim
This is really awesome and a significant advance on other 2FA solutions. I've
been looking forward to us shipping this. Thank you for all your hard work!

Jonathan Watt

unread,
Dec 6, 2017, 9:23:59 AM12/6/17
to J.C. Jones, dev-pl...@lists.mozilla.org, Taubert, Tim
This is really awesome and a significant advance on other 2FA solutions. I've
been looking forward to us shipping this. Thank you for all your hard work!

On 05/12/2017 20:44, J.C. Jones wrote:

James Graham

unread,
Dec 6, 2017, 12:25:40 PM12/6/17
to dev-pl...@lists.mozilla.org
On 05/12/17 20:44, J.C. Jones wrote:
> Summary: Support public key cryptographic authentication devices
> through Web Authentication.

This sounds pretty cool!

> Testing:
> Mochitests in-tree; https://webauthn.io/; https://webauthn.bin.coffee/
> ; Web Platform Tests in-progress

Are the web-platform-tests going to be done before we ship?

For my information, what was missing from wpt that meant you had to
write mochitests? (I don't doubt that there are good reasons, it's just
understanding what they are helps shape future work).

J.C. Jones

unread,
Dec 6, 2017, 6:24:05 PM12/6/17
to James Graham, dev-pl...@lists.mozilla.org
On Wed, Dec 6, 2017 at 10:24 AM, James Graham <ja...@hoppipolla.co.uk>
wrote:

> Are the web-platform-tests going to be done before we ship?
>

I hope so, though as-of-now no one from Mozilla is contributing to the
web-platform-tests [1]. Originally some FIDO Alliance-associated folk were
going to take the lead on them, but I've not been tracking it.


> For my information, what was missing from wpt that meant you had to write
> mochitests? (I don't doubt that there are good reasons, it's just
> understanding what they are helps shape future work).
>

I think most everything except the tests for tab-switch and maybe some of
the more exotic cross-origin behaviors can move to web-platform-tests, and
I hope that our existing mochitest logic can be mostly ported over there.
The only reason for not doing these as web-platform-tests to begin with was
cross-company communication inefficiencies. I fully expect this to be
remedied in 2018.

[1] https://github.com/w3c/web-platform-tests/tree/master/webauthn
Reply all
Reply to author
Forward
0 new messages