Salutations TAG!

I'm requesting a TAG review of the Web Authentication Large Blob extension.

The Web Authentication Large Blob extension allows relying parties to store small amounts of opaque data associated with a credential on an authenticator. This is useful for authentication schemes involving storing certificates on authenticators.

• Explainer
• Specification URL
• Tests (see large-blob files).
• User research: N/A
• Security and Privacy self-review
• GitHub repo (if you prefer feedback filed there): File feedback here
• Primary contacts (and their relationship to the specification):
  • Nina Satragno (@nsatragno), Google (implementing & launching the feature)
  • Adam Langley (@agl), Google (wrote the large blob spec)
• Organization(s)/project(s) driving the specification: Google/Chrome, Microsoft
• Key pieces of existing multi-stakeholder review or discussion of this specification:
  • PRs:
    • https://github.com/w3c/webauthn/pull/1402
• External status/issue trackers for this specification (publicly visible, e.g. Chrome Status):
  • https://chromestatus.com/feature/5657899357437952

Further details:

• I have reviewed the TAG's Web Platform Design Principles
• Relevant time constraints or deadlines: N/A
• The group where the work on this specification is currently being done: WebAuthn WG
• The group where standardization of this work is intended to be done: WebAuthn WG
• Major unresolved issues with or opposition to this specification: None.
• This work is being funded by: Google, Microsoft (insofar as they have implemented the relevant APIs on Windows).

You should also know that...

This feature requires OS-level support for platforms where the OS handles WebAuthn requests (this is the case for Windows). Support on Windows has already shipped.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

💬 leave review feedback as a comment in this issue and @-notify @nsatragno