Re: Proposed API extension for Fido U2F devices

On 02/04/2014 10:41 PM, Juan Lang wrote:
> Hi folks,
> I'm aware that hardware-backed keys are out of scope for the current 
> round of WebCrypto work, so I don't expect this to be ready for 
> standardization for some time. Nevertheless, I've got a proposed 
> extension to WebCrypto to support Fido Alliance (fidoalliance.org 
> <http://fidoalliance.org>) universal second factor (U2F) devices:
> https://docs.google.com/a/chromium.org/document/d/1EEFAMIYNqZ7XHCntghD9meJwKgNOX7ZN-jl5LJQxOVQ/edit#
>
> I apologize that the proposal may lack some context, like, just what 
> is a U2F device, and what language does it speak? I promise update it 
> with pointers to public docs once they are made public. In the 
> meantime, I'll act as a poor substitute by answering questions myself, 
> either in the doc or in email.
>
> I'd appreciate any feedback you might have. Thanks very much,
> --Juan

I haven't had to look at this in detail, but upon first look it seems 
sensible. The general direction is one that the W3C is actively 
interested in. While this would be outside the current charter, we will 
re-charter the Working Group once the current version of WebCrypto (at 
earliest) has exited Last Call and working with FIDO Alliance would 
likely be mutually beneficial.

     cheers,
       harry

Received on Sunday, 9 February 2014 10:04:56 UTC