AlfioEmanueleFresta / xdg-credentials-portal

FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust; includes a proposal for a new D-Bus Portal interface for FIDO2, accessible from Flatpak apps and Snaps 🔑
GNU Lesser General Public License v2.1

relationship to authenticator-rs? #37

Open Be-ing opened 1 year ago

Be-ing commented 1 year ago

I'm confused what this project's relationship is, if any, with authenticator-rs. If I understand correctly, this project started by using authenticator-rs, but reimplemented USB HID support without it, and now this project also supports BLE? It seems that authenticator-rs development has stalled for a while and it only supports USB HID on Linux.

IIUC, this project aims to be a Linux-specific abstraction over the various hardware protocols for FIDO passkeys whereas authenticator-rs aims to be a cross-platform abstraction over different OS APIs? In that case, would it make sense for authenticator-rs to replace its Linux backend to use this project? Also, I think it would be helpful to rename libwebauthn to something platform-specific like webauthn-linux.

msirringhaus commented 1 year ago

Just a quick note: Development of authenticator-rs has not stalled, but is pretty active, albeit on a different branch at the moment. Which is why the graphs don't show it. A merge to main should happen soon-ish. It is however still true that it currently only supports USB on Linux. It does cross-platform over different OS APIs, but the goal (at least my goal) is to also implement different transport protocols like NFC, etc. in the future. It is somewhat unfortunate that this repo was created in a period where authenticator-rs development was indeed stalled, otherwise we potentially could have joined forces here.

AlfioEmanueleFresta commented 1 year ago

Thanks for reaching out @Be-ing, @msirringhaus. Sorry for the delay, as I was on an OSS hiatus due to work commitments.

My priorities have now shifted towards Passkeys. Specifically, allowing the use of passkeys created on other devices such as Android or iOS phones, via the CABLE v2 draft spec, already implemented by Chrome, Windows Hello, and Mac Keychain.

I'm more interested in developing Linux platform APIs and UX akin to Windows Hello, or Android Credentials Manager, rather than the authenticator communication library itself. It is indeed true that I started this project whilst authenticator-rs progress on CTAP2 was stalled, but I am happy to reconsider switching to authenticator-rs for the CTAP2/HID implementation.

My vision is that, similarly to other platforms, applications need not bring their own FIDO2 implementation, or need hardware permissions, but can delegate to the platform via APIs. The platform would provide UI to the user allowing them to select which device (e.g. a local authenticator, a remote passkey), or passkey sync service (e.g. Bitwarden, Google Password Manager, etc.) to use to satisfy the request.

@msirringhaus I'd like to learn more about any plans for Passkeys you might have and how we can collaborate. I'd love to join forces and we could benefit from sharing code (e.g. starting with adopting a common interface for ctap-types). Feel free to reach out to me via email if of any interest.