Update browser.secureStorage proposal with authentication levels #226
Conversation
oliverdunk
added
the
topic: secure storage
There was a problem hiding this comment.
Since this proposal is authored and edited by @oliverdunk, I'm inclined to accept whatever changes he makes in order to reduce the friction of iterating on this proposal. Discussions of specific concerns with the current draft can take place in appropriately tagged issues. What do you think @xeenon, @zombie, @mukul-p, and @Rob--W?
I'm of course in favor of merging things, appreciate you trying to keep things moving! That said - don't feel a rush to merge this. There's no point merging things with no intent of implementing them so I see getting feedback here as really important. |
| "MACOS_KEYCHAIN_FACE", | ||
| "MACOS_KEYCHAIN_TOUCHID" |
There was a problem hiding this comment.
This would apply to iOS as well. I would prefer to not bake the platform into the contents like this. I much preferred the previous generic wording.
|
I synced with Simeon and got some feedback here. I'm going to make a new draft based on that soon. |
|
@oliverdunk would you like to merge these changes as is or create a new PR for with the updates you're working on? |
|
@dotproto: Let's close this for now and I'll re-open once I have a new draft. Thanks for checking in! |
Following discussion at the last meeting (#215) and in #190, this PR updates the browser.secureStorage proposal to improve two aspects of the API:
BIOMETRICSfor example, without making things too specific and allowing them to specify a particular piece of hardware to use.ANYauthentication level.The
implementationkey has also been added which the browser can use to share more data with the developer about the OS-specific hardware it might use. This is not standardised and is purely informational.Resolves #190