Re: [w3ctag/design-reviews] SMS Receiver API (#391) from sam goto on 2020-02-12 (public-webapps-github@w3.org from February 2020)

From: sam goto <notifications@github.com>
Date: Tue, 11 Feb 2020 16:57:27 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/391/584955640@github.com>

Hey all, just wanted to cross post [this](https://groups.google.com/a/chromium.org/d/msg/blink-dev/Drmmb_t4eE8/uBeH2_BcAwAJ) here and report back on how things are developing here on my side.

===

Hey all,

   Just wanted to report back on the progress we made here in this API since we initially proposed and to give a sense of where we are at.

   We recently ran an [origin trial](https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/-bdqHhCyBwM/yFoKtQQRAQAJ) with fairly good results giving us confidence about the space. Generally, origin trial participants were happy with the cost / benefit trade-off and were able to measure / quantify the impact of the adoption of the API in their user base.

   We found (from internal reviewers, partners and other browser vendors), however, that we could tighten up the security/privacy/ux properties of the feature (while still capturing most of the desirable use cases) if we constrained the API to a specific use case, namely fetching one time passwords.  

   With that in mind, we have been working towards reshaping the API from a lower level SMS transport mechanism to a higher level OTP fetching mechanism, constraining its usage but tightening up privacy/security and UX, which seemed like the right trade off to us.

   We cleaned up our [explainer](https://github.com/samuelgoto/WebOTP/blob/master/README.md) to reflect that as well as a [draft of a spec](http://samuelgoto.github.io/WebOTP) (go easy on this one, really drafty :)), as well as renamed from SMS Receiver API to WebOTP API to reflect the intent, as well as have implementation well under way. 

   Having said all that, we are planning to send an intent to ship momentarily once we wrap things up, so we could use eyeballs sanity checking and making sure we didn't let anything else fall through the cracks.

   Thanks,

   Sam

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/391#issuecomment-584955640

Received on Wednesday, 12 February 2020 00:57:40 UTC