It is a little bit odd that an organization claiming to be "open" doesn't openly discuss fundamental features like Native Messaging before committing resources to such projects.
https://bugzilla.mozilla.org/show_bug.cgi?id=1267362#c7
FWIW, I'm continuing with the approach that was published on related W3C and Mozilla lists more than a year ago.
Apple have effectively taken this route as well although they only target a single application, Apple Pay for the Web:
https://github.com/w3c/websec/issues/91#issuecomment-235160950
BTW, Apple Pay features an innovative solution for getting away from security questions that users don't understand which in short is that Merchants must prove to the App that they belong to the Apple Payment Network before it starts. This process is entirely transparent for end-users.
Anders
https://github.com/cyberphone/web2native-bridge