W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2021

Re: [EXTERNAL] Re: Implementation report for WebAuthn 2 needs an update

From: Akshay Kumar <Akshay.Kumar@microsoft.com>
Date: Tue, 30 Mar 2021 18:57:24 +0000
To: Adam Langley <agl@google.com>, Philippe Le Hégaret <plh@w3.org>
CC: W3C Web Authn WG <public-webauthn@w3.org>, Jiewen Tan <jiewen_tan@apple.com>, Ricky Mondello <rmondello@apple.com>, Daniel Veditz <dveditz@mozilla.com>
Message-ID: <DM6PR21MB12289F6AA9558CD106527039867D9@DM6PR21MB1228.namprd21.prod.outlook.com>
Edge's implementation is same as of chrome.

-Akshay


________________________________
From: Adam Langley <agl@google.com>
Sent: Tuesday, March 30, 2021 11:32 AM
To: Philippe Le Hégaret <plh@w3.org>
Cc: W3C Web Authn WG <public-webauthn@w3.org>; Jiewen Tan <jiewen_tan@apple.com>; Ricky Mondello <rmondello@apple.com>; Daniel Veditz <dveditz@mozilla.com>
Subject: [EXTERNAL] Re: Implementation report for WebAuthn 2 needs an update

On Tue, Mar 30, 2021 at 10:42 AM Philippe Le Hegaret <plh@w3.org<mailto:plh@w3.org>> wrote:
> Tested in
> https://github.com/web-platform-tests/wpt/blob/master/webauthn/createcredential-getpublickey.https.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fweb-platform-tests%2Fwpt%2Fblob%2Fmaster%2Fwebauthn%2Fcreatecredential-getpublickey.https.html&data=04%7C01%7CAkshay.Kumar%40microsoft.com%7Cd51ac137b0314eda857608d8f3aa6d75%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637527260602201648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3OUn0JcSKTz4cp80kr%2BEf4oQx1b422uLFeDY1FcPwDE%3D&reserved=0>
> <https://github.com/web-platform-tests/wpt/blob/master/webauthn/createcredential-getpublickey.https.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fweb-platform-tests%2Fwpt%2Fblob%2Fmaster%2Fwebauthn%2Fcreatecredential-getpublickey.https.html&data=04%7C01%7CAkshay.Kumar%40microsoft.com%7Cd51ac137b0314eda857608d8f3aa6d75%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637527260602211650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FaehkDXK5YgiZDUifcGjVgzZ2dcsjLW6EJidPs2Bdpk%3D&reserved=0>>

Same, no implementation outside Chrome/Edge.

I noticed that the test wasn't looking at getTransports but it is
supported in Chrome/Edge. I checked that one manually as well and
arrived to the same conclusion.

We can add a WPT for getTransports if useful.

Also found no progress from Firefox or WebKit on getTransports:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1536155<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D1536155&data=04%7C01%7CAkshay.Kumar%40microsoft.com%7Cd51ac137b0314eda857608d8f3aa6d75%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637527260602211650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=PzAIIcl%2FwMgqeKanBGdejw5JnaFyzgezGSZTBrWgfeg%3D&reserved=0>
  https://bugs.webkit.org/show_bug.cgi?id=204807<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.webkit.org%2Fshow_bug.cgi%3Fid%3D204807&data=04%7C01%7CAkshay.Kumar%40microsoft.com%7Cd51ac137b0314eda857608d8f3aa6d75%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637527260602221640%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=WT9YYBD7%2Bz1vh6SPR%2Bl7gE6KXucuO9l6tfEfwrCy%2B1Q%3D&reserved=0>

>     New Enterprise Attestation, Apple Attestation
>
>
> Not covered in WPTs.

Are we aware of implementations?

Chrome implements enterprise attestation as of Chrome 90, but I'm not aware of any publicly obtainable authenticators that support it.

Apple's attestation is implemented by iOS and macOS.

It looks like the results from wpt.fyi won't be enough of a story so we
need more information to complete the implementation experience [1]. It
could be that Google and Edge don't share much of the code anyway for
example. Or that no difficulties are foreseen by other implementors and
they just didn't get around those functions.

I don't know how much Edge's implementation differs from Chrome: I only know Chrome's implementation I'm afraid.


Cheers

AGL
Received on Tuesday, 30 March 2021 18:57:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC