On 12/02/2015 11:37 PM, Frederic Martin wrote:
As I said in the other email,
I don't understand how this could be implemented when the spec has left the
>key piece undefined, as far as I see.
You are completely right ! For now, FIDO 2 is currently being written (far far
far from finished) and can't be implemented, so let's focus on existing
solutions with existing specifications and existing products (the ones that
work with google/gmail, github, dropbox and many federated identity portals.
FIDO U2F specifications are complete for USB/HID devices & desktop browsers.
Can you show me how a web page gets access to some API entry point? I haven't
seen any spec defining how
the relevant MessagePort or some u2f object can be accessed.
To me the spec looks very much incomplete, in the sense that based on it one
can't create
interoperable implementations.
-Olli
Additional information (copy/paste from a previous post of mine above
with small updates):
- FIDO 2.0 will not replace FIDO U2F
- There will probably not be any kind of FIDO U2F 2.0 inside FIDO 2.0
- FIDO 2.0 has no goal to be compatible with FIDO U2F (and won't be)
- FIDO U2F is already here and here to stay. It is a great WORKING
solution: a secure second factor for strong web authentication
through a simple HID based API.
- There is already plenty of FIDO U2F related source code available
to help people building great solutions (Chromium client source code,
Google JS library source code and different Java/PHP/Go/etc. server code)
- Nearly all FIDO U2F products have really secure architectures
(i.e. nearly every products are using secure elements / smart cards
components, even if not mandatory, that's great)
- FIDO U2F over NFC and BLE specifications are currently being
finalized, so there will be flexibility to cover mobile platforms.
- FIDO 2.0 W3c submission have no real details regarding technical
implementation because FIDO 2 is only for now a very confusing draft
with strange (*cough*) directions, so do not put too many hopes
into FIDO 2.0 (that's really not important for now)
=> So let's focus on U2F :)
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
