Web Authentication (webauthn) #2423

Closed
richardszalay opened this Issue Apr 12, 2016 · 25 comments

Comments

Projects
None yet
@richardszalay

Spec: http://w3c.github.io/webauthn/

Edge: Supports an early revision - vendor prefixed and currently restricted to Windows Hello (https://blogs.windows.com/msedgedev/2016/04/12/a-world-without-passwords-windows-hello-in-microsoft-edge/)
Chrome: ?
Firefox: ?

@richardszalay richardszalay changed the title from Web Authentication to Web Authentication (webauthn) Apr 12, 2016

@xtian

This comment has been minimized.

Show comment
Hide comment
@xtian

xtian Nov 18, 2016

Contributor

+1

Contributor

xtian commented Nov 18, 2016

+1

@williambanks

This comment has been minimized.

Show comment
Hide comment

bump

@equalsJeffH

This comment has been minimized.

Show comment
Hide comment
@equalsJeffH

equalsJeffH May 23, 2017

WebAuthn 5th working draft revision (WD-05) is an informal "implementors draft"
http://identitymeme.org/archives/2017/05/07/web-authentication-working-draft-rev-5-wd-05/

FYI: Intent to implement and ship: Web Authentication (Mozilla, 14 Nov 2016)
https://lists.w3.org/Archives/Public/public-webauthn/2016Nov/0177.html

Edge is implementing WD-05
https://lists.w3.org/Archives/Public/public-webauthn/2016Nov/0177.html

Intent to Implement: Web Authentication API for Chrome
https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/authentication/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ

WebAuthn 5th working draft revision (WD-05) is an informal "implementors draft"
http://identitymeme.org/archives/2017/05/07/web-authentication-working-draft-rev-5-wd-05/

FYI: Intent to implement and ship: Web Authentication (Mozilla, 14 Nov 2016)
https://lists.w3.org/Archives/Public/public-webauthn/2016Nov/0177.html

Edge is implementing WD-05
https://lists.w3.org/Archives/Public/public-webauthn/2016Nov/0177.html

Intent to Implement: Web Authentication API for Chrome
https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/authentication/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ

@Calico90

This comment has been minimized.

Show comment
Hide comment
@Calico90

Calico90 Jun 2, 2017

Contributor

+1 (and please add it in the Security category, not Other).

Contributor

Calico90 commented Jun 2, 2017

+1 (and please add it in the Security category, not Other).

@oskarer

This comment has been minimized.

Show comment
Hide comment
@dsanders11

This comment has been minimized.

Show comment
Hide comment

+1

@304NotModified

This comment has been minimized.

Show comment
Hide comment
Contributor

304NotModified commented Apr 11, 2018

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey Apr 20, 2018

Contributor

This should probably replace FIDO1 that is currently on CanIUse… (WebAuth was originally FIDO2)

Contributor

dstorey commented Apr 20, 2018

This should probably replace FIDO1 that is currently on CanIUse… (WebAuth was originally FIDO2)

@304NotModified

This comment has been minimized.

Show comment
Hide comment
Contributor

304NotModified commented Apr 20, 2018

@equalsJeffH

This comment has been minimized.

Show comment
Hide comment
@equalsJeffH

equalsJeffH May 8, 2018

I would not replace https://caniuse.com/#feat=u2f with webauthn -- rather keep them both. at some point chrome will deprecate u2f but that will not be occurring right away.

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

I would not replace https://caniuse.com/#feat=u2f with webauthn -- rather keep them both. at some point chrome will deprecate u2f but that will not be occurring right away.

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

@mkurz

This comment has been minimized.

Show comment
Hide comment
@mkurz

mkurz May 8, 2018

Contributor

+1

Contributor

mkurz commented May 8, 2018

+1

@abergs

This comment has been minimized.

Show comment
Hide comment
@abergs

abergs May 9, 2018

Yes we need to get webauthn up there.

abergs commented May 9, 2018

Yes we need to get webauthn up there.

@Fyrd

This comment has been minimized.

Show comment
Hide comment
Owner

Fyrd commented May 10, 2018

Now available at https://caniuse.com/#feat=webauthn

@Fyrd Fyrd closed this May 10, 2018

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey May 10, 2018

Contributor

@fryd This isn't correct. Edge supports WebAuth since EdgeHTML13, just with an earlier draft syntax.
You can see for example the HTML5Test detection that keys off the old syntax http://html5test.com/compare/feature/security.authentication.html
The version of the spec we supported was webauthn-20170216

Contributor

dstorey commented May 10, 2018

@fryd This isn't correct. Edge supports WebAuth since EdgeHTML13, just with an earlier draft syntax.
You can see for example the HTML5Test detection that keys off the old syntax http://html5test.com/compare/feature/security.authentication.html
The version of the spec we supported was webauthn-20170216

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey May 10, 2018

Contributor

…while EdgeHTML18 has just been updated to support the final syntax and remove the old one.

Contributor

dstorey commented May 10, 2018

…while EdgeHTML18 has just been updated to support the final syntax and remove the old one.

@Fyrd

This comment has been minimized.

Show comment
Hide comment
@Fyrd

Fyrd May 10, 2018

Owner

@dstorey Thanks, will update. Do you expect it to no longer be behind a flag for EdgeHTML18?

Owner

Fyrd commented May 10, 2018

@dstorey Thanks, will update. Do you expect it to no longer be behind a flag for EdgeHTML18?

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey May 10, 2018

Contributor

The final version won't be behind a flag in 18. The current version using Navigator.authentication et al isn't behind a flag already (which is why HTML5test picks it up)

Contributor

dstorey commented May 10, 2018

The final version won't be behind a flag in 18. The current version using Navigator.authentication et al isn't behind a flag already (which is why HTML5test picks it up)

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey May 10, 2018

Contributor

sorry, I meant msCredentials on window. There have been so many versions :D I think navigator.authentication might be behind a flag in Edge17. Will need to test

Contributor

dstorey commented May 10, 2018

sorry, I meant msCredentials on window. There have been so many versions :D I think navigator.authentication might be behind a flag in Edge17. Will need to test

@Fyrd

This comment has been minimized.

Show comment
Hide comment
@Fyrd

Fyrd May 10, 2018

Owner

Okay, well let me know what you think of how it appears now, feel free to submit a PR with any corrections if necessary. :)

Owner

Fyrd commented May 10, 2018

Okay, well let me know what you think of how it appears now, feel free to submit a PR with any corrections if necessary. :)

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey May 10, 2018

Contributor

I think the other versions should be at least partial, as a prefixed enabled version is partially implemented. Functionality wise they're the same.

Contributor

dstorey commented May 10, 2018

I think the other versions should be at least partial, as a prefixed enabled version is partially implemented. Functionality wise they're the same.

@chris-morgan

This comment has been minimized.

Show comment
Hide comment
@chris-morgan

chris-morgan May 11, 2018

For completeness: it’s been available in Firefox via the security.webauth.webauthn flag since 57. (It was there in 56, but comparatively useless as U2F support hadn’t landed yet, so it was soft tokens only, if I recall correctly.)

For completeness: it’s been available in Firefox via the security.webauth.webauthn flag since 57. (It was there in 56, but comparatively useless as U2F support hadn’t landed yet, so it was soft tokens only, if I recall correctly.)

@dstorey

This comment has been minimized.

Show comment
Hide comment
@dstorey

dstorey May 11, 2018

Contributor

This should also probably cover if U2F and/or biometrics too. Not sure what the other browsers support.

Contributor

dstorey commented May 11, 2018

This should also probably cover if U2F and/or biometrics too. Not sure what the other browsers support.

@equalsJeffH

This comment has been minimized.

Show comment
Hide comment
@equalsJeffH

equalsJeffH May 14, 2018

I would not replace https://caniuse.com/#feat=u2f with webauthn -- rather keep them both. at some point chrome and firefox will deprecate u2f but that will not be occurring right away.

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

I would not replace https://caniuse.com/#feat=u2f with webauthn -- rather keep them both. at some point chrome and firefox will deprecate u2f but that will not be occurring right away.

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

@304NotModified

This comment has been minimized.

Show comment
Hide comment
@304NotModified

304NotModified May 14, 2018

Contributor

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

It's already online? #2423 (comment)

Contributor

304NotModified commented May 14, 2018

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

It's already online? #2423 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment