search

w3c / secure-payment-confirmation

Secure Payment Confirmation (SPC)
https://w3c.github.io/secure-payment-confirmation/
Other
106 stars 48 forks source link

How will new passkey providers impact SPC #260

Open ve7jtb opened 9 months ago

ve7jtb commented 9 months ago

We now have password providers. like 1Password and Dashlane that intercept Webauthn on desktop not making credentials created in them available to SPC.

Over Hybrid there may be changes required to expose credentials.

On mobile there are now pluggable passkey providers in iOS and soon Android.
We should attempt to understand any UX implications of these changes.

ianbjacobs commented 7 months ago

@ve7jtb, I see this proposal has been merged into WebAuthn: https://github.com/w3c/webauthn/pull/1957

Can you say how this affects SPC (if at all)? Thanks!

ianbjacobs commented 3 weeks ago

See issue #271, which seeks to add device binding in light of the impact on passkeys.