[webauthn] How do I use a smart phone as an authenticator when the web application is running on a laptop/desktop? from roblapp via GitHub on 2018-06-18 (public-webauthn@w3.org from June 2018)

From: roblapp via GitHub <sysbot+gh@w3.org>
Date: Mon, 18 Jun 2018 13:55:30 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-333280588-1529330129-sysbot+gh@w3.org>

roblapp has just created a new issue for https://github.com/w3c/webauthn:

== How do I use a smart phone as an authenticator when the web application is running on a laptop/desktop? ==
I am a little confused as to how the following use case would work... or if it would be supported by the specification:

A user wants to login to an enterprise web application on their laptop or desktop, using their smart phone as an authenticator.

To clarify... the user would type in their username in the web application running in the browser on their laptop. They then click a button that says something like "Password-less Login With Smartphone". They would then click this button at which point they would be prompted on their smartphone for a fingerprint scan. Upon a successful scan they would be logged in to the site. This flow is outlined as an example workflow in the specification here. Also, [Google did a nice presentation](https://www.youtube.com/watch?v=kGGMgEfSzMw&t=1015s) where they gave an example of something similar except that the web application they were running was already running on the smart phone that was used for authenticating (not a desktop or laptop). I am interested in the use case where a user is running a web application on their laptop or desktop and want to use their smart phone as the authenticator.

This leads me to the following question(s):

At a high level, what is the process for setting up a smart phone as an authenticator? Is this a use case that Web Authentication supports?

What I am looking for is a very high level of how somehow should setup the browser to interact with their smart phone the same way it would when using Yubikey or another similar device. All of the examples I have seen either use Yubikeys/other USB devices as the authenticator or in the case of smart phones the examples outline the process when the web application is being accessed from the smart phone itself. Any insights would be very helpful.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/954 using your GitHub account

Received on Monday, 18 June 2018 13:55:35 UTC