Re: going though comments from 2.2.6 Accessible Authentication and new wording.

Hi Lisa,

> Also firefox seem to be quite advanced in their webauth implementation (see https://wiki.mozilla.org/Security/CryptoEngineering#Web_Authentication) and looking though the wg minuets it seems Edge also has implementation (https://blogs.windows.com/msedgedev/2016/04/12/a-world-without-passwords-windows-hello-in-microsoft-edge/) - there may be better links but these seem to show that enough features are implemented to meet our needs for conformance to our SC.

I think you are confusing ‘implemented’ and available, Chrome has implemented and released the features, but the others have not. They have also not committed to when those features will be released. I would expect 2018, but if they hit issues, perhaps not.


> Where do you see that it is experimental? looking at your link I could just find the following: "Web Authentication API SUPPORTED Build Number 14291+ "

Where it says: “As of EdgeHTML 14, the implementation is prefixed”

For us to rely on an implementation (i.e. accessibility support) there needs to be something there.

NB: I’m much less concerned by things like adding-icons or adjusting text, but this is about security.



> You can  use multi-factor identification with Bluetooth or generate a RC code (on the browser)

That’s not a web-standard method, I went through how those options are expensive here:
https://lists.w3.org/Archives/Public/w3c-wai-gl/2017OctDec/0722.html


We need a standardised method, and even then it does not cover 2 factors!
-Alastair

Received on Tuesday, 19 December 2017 16:03:21 UTC