- From: Emil Lundberg <emil@yubico.com>
- Date: Tue, 5 Mar 2019 15:35:55 +0100
- To: Robert Lee <robert@loveathome.us>, W3C Web Authn WG <public-webauthn@w3.org>
- Message-ID: <CANMnvkzE6+bE5E+b3rc_r+T69v-6o8Myz4-RReMnQCYT_x_JqQ@mail.gmail.com>
Hi, thanks for your interest in WebAuthn! I don't know what can be inferred passively from user agent strings and the like, but I'll bounce this on to the public discussion list at public-webauthn@w3c.org. What I do know exists is the `isUserVerifyingPlatformAuthenticatorAvailable()` method [1] in the WebAuthn API. This method will return `true `if there is a platform authenticator capable of some kind of user verification (UV). It won't let you detect every platform authenticator, but I would guess that most platform authenticators do support some kind of UV, most often a fingerprint reader. I hope that helps, and I hope others on the maillist can provide more information about other methods of capability detection. [1]: https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#isUserVerifyingPlatformAuthenticatorAvailable /Emil On Tue, 5 Mar 2019 at 14:10 Robert Lee <robert@loveathome.us> wrote: > Greetings, > > I'm working on an effort to support Webauthn for an online application. > To capture opportunity size, I'd like to be able to determine what > percentage of my current customers could support a Webauthn registration. > As a starting point, I'm wanting to target "platform authenticator" enabled > devices (like android 7+, windows 10, osx with touchbar), etc. > > What are the current best ways to measure this? Is it required do query > every visitor directly, or is it something that could potentially be > gleaned from user agent strings or other signatures? > > Thank you, > > Robert > -- Emil Lundberg Software Developer | Yubico <http://www.yubico.com/>
Received on Tuesday, 5 March 2019 14:36:31 UTC