[webauthn] Unwanted Browser Dependencies (#1638)

cyberphone has just created a new issue for https://github.com/w3c/webauthn:

== Unwanted Browser Dependencies ==
Bear with me, I have limited insights in how FIDO and Browsers cooperate with the exception of the WebAuthn API.

Anyway, based on public information and practical tests, it appears hard/impossible avoiding separate enrollments for each browser.  This will most certainly affect the interest using "alternative" browsers.

In case Google's SPC pans out, this problem gets worse.

Some kind of workaround seems to be required.

<hr>

In an alternative to SPC, FIDO Web Pay (FWP), the intent is that the "wallet" eventually becomes a part of the _client platform_ rather than the browser.  This arrangement offers some benefits including:
- Making it easier for alternative browser vendors adopting the FWP system since they would not have to build a copy of FWP themselves; a thin wrapper would suffice.
- Relieving users from having to enroll payment credentials for each browser they want to use.
- Limiting the number of systems to certify in the case certification becomes a requirement.
- Opens the door to usage by native applications which may be needed for enabling reuse of payment credentials at Point-of-Sale (PoS) terminals.

@dveditz @jcjones 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1638 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 2 July 2021 06:52:30 UTC