mikewest
commented
3 years ago Hello, Mozillians! https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/Vp0h8i5VBQAJ obliquely notes that the WebAuthn folks in Chrome have had a hard time finding the right folks to talk to at Mozilla about WebAuthn2 (in that case the credBlob extension, but this position request points to some other bits). If y'all have feedback on that work generally, I'd be quite interested in hearing it!
jschanck
Request for Mozilla Position on an Emerging Web Specification
Other information
This is a request for a position on the Web Authentication Level 2 AuthenticatorSelectionCriteria.residentKey property, and the credProps extension.
The WebAuthn Level 2 spec adds an enum-valued residentKey property to the AuthenticatorSelectionCriteria dictionary. Two values of that enum, "discouraged" and "required", correspond exactly to the boolean values of the requireResidentKey property from the Level 1 spec. The third, middle value ("preferred") lets the RP express that the browser should try to create a client-side discoverable credential (also known as "resident key"), but that it may fall back to a non-discoverable credential if the authenticator presented by the user doesn't support it (e.g. a U2F/CTAP1 security key).
The credProps extension (https://w3c.github.io/webauthn/#credprops) is used to report back to the website whether the newly created credential is in fact client-side discoverable or not. This is useful to know if the website requested residentKey="preferred".
Chrome Platform Status entry: https://chromestatus.com/feature/5701094648840192