Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

On 2022-03-18 21:52, David Waite wrote:
>
>     According to the W3C TAG, calling native apps from the Web should be abolished.  Effectively WebAuthn is the only endorsed way to securely authenticate over the Web.
>
>
> Interesting, do you have a reference you might share?

I have many but why not take a more recent and to this discussion highly related example:
https://github.com/w3ctag/design-reviews/issues/675#issuecomment-964273692
This, IMO pretty disastrous fact, didn't even render a response.

Thanx,
Anders

>     Equally problematic is the Mobile to Desktop/Web interface where the W3C concluded that using WebAuthn + the device-specific cloud service + BLE (aka CABLE) is the way to go. I suggested years ago using NFC to deliver secure URLs but the Web-NFC folks claimed that there is no valid use case so for those who do not buy into WebAuthn, clunky and phishing-vulnerable QR code is the only universal alternative.  NFC has subsequently (and logically) been removed from the PC concept altogether.
>
>
> I doubt the platform vendors would try to create things like CaBLE if NFC or BLE would work on their own. While NFC is prevalent in mobile phones, support in desktops/laptops/tablets is decidedly less so. Bluetooth stacks are unfortunately very inconsistent (as are Bluetooth antenna placements and underlying hardware), which is the source of both technical limitations and practical (aka battery-related) limitations.
>
> -DW

Received on Saturday, 19 March 2022 07:17:00 UTC