W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2019

Re: [webauthn] Pass through other assertion formats (#1232)

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Fri, 07 Jun 2019 23:34:16 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-500070118-1559950455-sysbot+gh@w3.org>
My more basic question is who really needs this? 
The use case seems to be for phones that have UAF authenticators in ROE that someone wants to wrap a BLE transport around so the phone can be a CTAP2 authenticator for a desktop.

As I understand it all Android phones 7+ have Webauthn platform authenticators now and Google is in the process of adding CTAP over BLE and caBLE so that they can be remote authenticators.   So current Android phones don't really seem to fit this description. 

On iOS apple may take a bit longer to roll out their platform authenticator, so this might be a target.  However, all Fido authenticators on iOS are in software not in a ROE other than using the keychain.  Those could just as easily be updated to Fido2 native authenticators rather than doing this wraping.

I am left to conclude that we are talking about a small number of phones that may have UAF built in perhaps on Samsung?  But those would have to be pre android 7.  Anything later and the android platform is going to be doing Fido over BLE.  I don't even know if a non core OS app could also do Fido over BLE at the same time without breaking things.  

This seems a lot of work for potentially a small to non-existent number of devices.

Can someone point to a real example of a phone that would do this?
If not it seems a lot of work for a hypothetical problem.

John B.


-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1232#issuecomment-500070118 using your GitHub account
Received on Friday, 7 June 2019 23:34:18 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:37 UTC