W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2017

WebAuthn WD-02 implemented in Firefox Nightly

From: J.C. Jones <jc@mozilla.com>
Date: Thu, 12 Jan 2017 17:46:47 -0700
Message-ID: <CAObDDPCjZ2i6B7wTWnZa5V4ERWuNAywmKGkZULxw4DGE3GQp1A@mail.gmail.com>
To: W3C WebAuthn WG <public-webauthn@w3.org>
All,

Firefox Nightly has our implementation of the WD-02 draft of WebAuthn
backed by a U2F soft-token available for experimentation. It's using the
U2F formats I described by email last month in "Mapping out the U2F
Attestation Format".

There's a debug tool online at https://webauthn.bin.coffee/ that prints the
objects out upon testing.

To experiment with it, you'll need to use a copy of Nightly from this
week (available
here, scroll down
<https://www.mozilla.org/en-US/firefox/channel/desktop/?v=a>), then
navigate to "about:config" and search for "*webauth*". You need to *enable*
the preferences '*security.webauth.w3c'* and '
*security.webauth.u2f_enable_softtoken*' (note, the second one will change
to '*security.webauth.webauthn_enable_softtoken*' in a few days).

Caveat:
* The "relaxing the same-origin policy" functionality is not yet
implemented, due to the ongoing discussions. It's just a stub that isn't
doing the right things security-wise - yet!

I don't have much public for testing / experimentation with the outputs;
I'll have something similar to https://u2f.bin.coffee/ as soon as I can,
though.


Happy hacking,
J.C.
Received on Friday, 13 January 2017 00:47:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 11:25:15 UTC