[webauthn] Support for non-browser applications (#1407)

dolda2000 has just created a new issue for https://github.com/w3c/webauthn:

== Support for non-browser applications ==
I realize this might fall outside the scope of WebAuthn proper, but I think some sort of standard authentication API that works outside the context of a web browser is required if 2FA is to truly take off.

Speaking for my own situation just to provide a concrete case, I maintain a service that needs to be accessed through a Java application. Account registration and the like take place on a website, but the main service cannot/shouldn't run in a browser, and needs to authenticate with a server. I'd like to use 2FA (or even just a software authenticator) if possible, but the lack of a standard way to access such services keeps me from doing so, and I cannot imagine I'm the only one in a similar situation.

I do realize that the CTAP specification has standardized protocols for USB/Bluetooth/NFC, but realistically I think individual implementations should be kept modular in such a way that not every program that wants to use them needs to reimplement each one and every future hardware protocol, not to mention the fact that raw USB/Bluetooth/NFC access is not available in many programming environments, including Java (at least in a standardized manner).

I imagine this would entail a central library with a standardized API, which in turn would enumerate (in a platform-specific manner, of course) available authenticator plugins, including both those that use 2FA hardware, and those that implement some local software authentication, and proxy requests between the application program and the authenticator plugin.

I was expecting something like this to already be available or at least in planning phases, but searching around I have found nothing. Apologies for the noise if I'm just being blind.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1407 using your GitHub account.

Received on Friday, 17 April 2020 01:40:28 UTC