> According to the W3C TAG, calling native apps from the Web should be
> abolished. Effectively WebAuthn is the only endorsed way to securely
> authenticate over the Web.
>
Interesting, do you have a reference you might share?
> Equally problematic is the Mobile to Desktop/Web interface where the W3C
> concluded that using WebAuthn + the device-specific cloud service + BLE
> (aka CABLE) is the way to go. I suggested years ago using NFC to deliver
> secure URLs but the Web-NFC folks claimed that there is no valid use case
> so for those who do not buy into WebAuthn, clunky and phishing-vulnerable
> QR code is the only universal alternative. NFC has subsequently (and
> logically) been removed from the PC concept altogether.
>
I doubt the platform vendors would try to create things like CaBLE if NFC
or BLE would work on their own. While NFC is prevalent in mobile phones,
support in desktops/laptops/tablets is decidedly less so. Bluetooth stacks
are unfortunately very inconsistent (as are bluetooth antenna placements
and underlying hardware) which is the source of both technical limitations
and practical (aka battery-related) limitations.
-DW
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._