Re: [webauthn] Removing “lightning” from AuthenticatorTransport (#1294)

> in an ideal world any Fido key would work with any iOS app via HID and a simple lightning to USB-A adaptor like the camera connector kit.

Of course, there are several platforms already which go beyond this and abstract the interface for communicating with CTAP endpoints - both for security reasons as well as to expose any platform authenticators. Examples would include Windows Hello and the `Fido2ApiClient` class in Android.

On these platforms, a typical app would only have an entitlement to request credentials for web domains that the app can 'prove' it is associated with. On an Apple platform for example, one might expect this to be done via a mechanism like the `.well-known/apple-app-site-association` resource.

On platforms which expose such APIs, there also is usually an entitlement for apps which require the ability to request credentials against all domains (such as web browsers).

The reason I point this out here is that such platforms may not consider alternative transports to be under the same API or be restricted the same way in use. An authenticator using MFi IAP for instance already has a mechanism in the case where the vendor restricts which apps have access to the accessory. Even in the presence of platform support which would never use the "lightning" transport, advertising availability of such a transport may still provide value.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1294#issuecomment-528177115 using your GitHub account

Received on Thursday, 5 September 2019 03:07:25 UTC