Open micolous opened 1 year ago
Thanks for reaching out @micolous!
I didn't know about your project and it looks great! I'd love to spend some time looking into kanidm and thinking about how it compares to libwebauthn, but I already really like what the kanidm team has done in terms of compliance/compat testing.
I'll reach out on gitter to discuss this further :)
Hi,
I've been working on Kanidm's Webauthn Authenticator library, which has a lot of overlap with the work you're doing with libwebauthn; some of which is probably interesting to you.

Kanidm's library has a low level interface (for passing CTAP messages) and high level interface (for platform level stuff). The high level interface (which has a lot of overlap with your "future plans") currently has a SoftToken, and bindings for Mozilla's authenticator-rs (which I'm planning to replace) and Windows' WebAuthn API. There's someone currently writing bindings for macOS' Passkey API; and a future xdg-credential-platform would be an ideal target for that.

On the low-level side (which is where most of the libwebauthn overlap is), I'm currently building up a more complete implementation to allow us to replace Mozilla's authenticator-rs library. At the moment that targets FIDO 2.0/2.1 via NFC (via PC/SC) and USB HID (via hidapi) transports, with a view to eventually supporting BLE (and probably caBLE) in a similar (cross-platform) way.

Kanidm's WebAuthn (not just authenticators) library also has a bunch of compatibility tests, because it seems many things are broken in fun and exciting ways (authenticators, browsers, clients, platforms...) or just not implemented at all; and the specifications often leave a lot to be desired (or are plain wrong).
The goal with all that is to be able to provide a portable WebAuthn implementation that can be used anywhere, not just in browsers or on websites.
We normally lurk on https://gitter.im/kanidm/community if you want to say hi.