- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Tue, 5 May 2020 18:12:37 +0200
- To: public-webauthn-adoption@w3.org
Hi all, Please find below the rough notes I took during our WebAuthn Adoption Community Group teleconference today. Two main conclusions emerged from the discussion: * W3C's impact in this space might be particularly relevant in the context of developers adoption given other efforts happening elsewhere (e.g. in FIDO) * a good way to support developers new to WebAuthn would be to set up a framework for showcasing how to adopt WebAuthn in various languages/frameworks, inspired by the approach of TODO-MWC. Bart has accepted to take the first steps on this based on the Shopify workflow and implementation experience. We're planning to meet on a bi-weekly basis - Doodle poll forthcoming to find a suitable slot. Dom Bill, Visa Andrew, FIDO Tony, Microsoft Bart de W: ruby library maintainer Comments on Google Doc: Good framework Fido has work on consumer deployment, enterprise deployment, marcomm this group should focus on work that could benefit broader w3c membership John: pick up priorities for W3C developers? Arshad: Android FIDO2 library, not based on Google's WebAuthn specification is daunting need to be simplified Bart: based on ruby experience struggle with JS side: U2F base64, not in WebAuthn => more complex in 2FA Tony: WebAuthn spec: meant for browser vendors RP side: no well-defined spec for them Arshad: that's a challenge to the ecosystem => shared tutorial for RPs targeted to e.g. fresh-person Andrew: isn't that already done? Arshad: but which to trust? should w3c curate a list? John: experience from workshops: switching from u/p to webauthn we need an "hello world", the basic approach to building webauthn Arshad: web development world has dozens of frameworks, programming language John: developers will adapt to their language Luke Walker has put together some really good tutorials Andrew: we've run workshops with Luke we've also run hackathons opened to the broader developer community, leading to the production of really good apps, with help from local teams Arshad: recommended wireframe, demonstrated in one language Bart: à la todo-mvc Arshad: right looking at various wireframes John: could challenge existing groups for these languages, as a friendly competition Tony: part of the challenge is the difference in what is implemented in browsers, e.g. resident credentials may require different wireframes to cover this all Bart: starting with 2FA would get the ball rolling support the idea server libraries have demo apps but having a single template app as a way to compare/contrast could help Luke: +1 - great way for people to dive in JS open source server library in high demand too Arshad: complete WebAuthn implementation? or conduit to a FIDO2 server? Luke: server-backend Arshad: ok, in node.js how-to build WebAuthn based on 1-3 wireframes what user stories/flows? we should cater to people with little understanding of the implicit fido2 flows Andrew: some of that is under way inside FIDO, incl user journeys for RPs is it needed for the wireframe? Arshad: it would help guide developers as the roadmap of what they need to build Andrew: FIDO UX work won't be available before a couple of months Arsahd: we should start with user stories - different workflows exist maybe start with Shopify's workflows? Bart: we have this documented; I can pull screenshots happy to contribute a ruby implementation Bill: loginwithfido.com might be a good starting point too Bart: we had discussions on the terminology (security keys vs authenticators) - brand recognition is important Bill: security key - no control on name / branding FIDO brand can help with that Bart: Apple having a platform authenticator Google Cable would be key to wide adoption Bart: I can work on screenshots by next week wireframes may need a bit more Dom: Meeting cadence? Bill: suggest every other week Dom: OK will send Doodle to figure out a good time for a recurrent meeting
Received on Tuesday, 5 May 2020 16:12:42 UTC