Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

> According to the W3C TAG, calling native apps from the Web should be
> abolished.  Effectively WebAuthn is the only endorsed way to securely
> authenticate over the Web.
>

Interesting, do you have a reference you might share?


> Equally problematic is the Mobile to Desktop/Web interface where the W3C
> concluded that using WebAuthn + the device-specific cloud service + BLE
> (aka CABLE) is the way to go. I suggested years ago using NFC to deliver
> secure URLs but the Web-NFC folks claimed that there is no valid use case
> so for those who do not buy into WebAuthn, clunky and phishing-vulnerable
> QR code is the only universal alternative.  NFC has subsequently (and
> logically) been removed from the PC concept altogether.
>

I doubt the platform vendors would try to create things like CaBLE if NFC
or BLE would work on their own. While NFC is prevalent in mobile phones,
support in desktops/laptops/tablets is decidedly less so. Bluetooth stacks
are unfortunately very inconsistent (as are Bluetooth antenna placements
and underlying hardware) which is the source of both technical limitations
and practical (aka battery-related) limitations.

-DW


Received on Friday, 18 March 2022 20:53:53 UTC