Re: [webauthn] Consider allowing cross-domain credential use (#1372)

@Mikescops, with the example of an application, let's call it AsteriskAsterisk, there is a desire to authenticate access with WebAuthn. The existing model would be:

- A web-based version may have an RPID based on its hosting, perhaps "asteriskasterisk.com"
- PWA functionality which allows that web version to behave like an installed application would use the same RPID of "asteriskasterisk.com"
- A native application on Android or Windows would use an RPID of "asteriskasterisk.com" (after some sort of application linking to the domain to whitelist the native apps)
- A CLI version, if the platform allows direct usage of a FIDO authenticator or if it uses the same OS-level whitelisting above, would use the RPID of "asteriskasterisk.com"
- A browser extension should therefore be defined to use an RPID of (you guessed it) "asteriskasterisk.com".

I assume the password manager use case is to use platform and roaming authenticators to gate access to the password vault - do you see a reason this model would not work with such an application?

Custom URL schemes for browser extensions will mostly not be standardized to be consistent - among other things, this would require them to all identify the author of the extension in the same manner. Without standardization, any custom URL scheme is internal and subject to differ by tons of different factors - browser, browser release stream, extension via store vs direct download vs development, even the filesystem path of the local sandboxing container. This variance would break the ability to use the existing credential created by whichever RPID it was originally created against - you have a roaming authenticator, but it will not necessarily work when you actually roam to a machine with a different OS/browser/extension combo.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1372#issuecomment-813323658 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 5 April 2021 10:18:46 UTC