
Issue 757077

Starred by 4 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature
Launch-Accessibility: NeedInfo
Launch-Exp-Leadership: NA
Launch-Leadership: NotReviewed
Launch-Legal: NotReviewed
Launch-Privacy: NotReviewed
Launch-Security: No
Launch-Test: No
Launch-UI: NotReviewed

Blocked on:
issue 811549
issue 757274




Haven-based integrated security key support

Project Member Reported by zalcorn@chromium.org, Aug 18 2017

Issue description

Feature description: Allow devices with Haven security chips to act as security keys for 2FA.

Eng owner: rkc
Product owner: zalcorn

PRD: go/cros-gnubby-ui

#################################################################
# Fill these surveys out as you are ready for various reviews.  #
#################################################################

Accessibility survey: The accessibility survey is included in a review bug
that will be filed by lpalmaro@. Please answer all questions there.

Legal survey: Email ctanaka@ (for non-Chrome OS) or jlchen@ (for Chrome OS)
to request a legal review.

Privacy survey: When you flip Launch-Status to Review-Requested, the
privacy team will be notified. Once they've triaged your
launch, a blocking privacy review bug will be filed. Fill out the privacy
survey included in that bug. Email yitingc@ for any questions.

Test survey (https://goto.google.com/chrome-test-questions):

UI survey: Email chrome-ui-review@ (for non-Chrome OS) or chromeos-ui-review@ (for Chrome OS) to request a UI review if your launch will change
any user-visible strings, assets, animations, or workflows.

 
Blockedon: 757274
Labels: -M-64 M-65 Launch-M-Target-65-Dev Launch-M-Target-65-Beta Launch-M-Target-65-Stable
Labels: -M-65 -Launch-M-Target-65-Dev -Launch-M-Target-65-Beta -Launch-M-Target-65-Stable
Cc: puneetster@chromium.org
Labels: -Pri-2 Pri-1
Would like to see this feature implemented so raising priority.
Cc: vpalatin@chromium.org
Labels: Launch-M-Target-66-Dev Launch-M-Target-66-Beta Launch-M-Target-66-Stable

Comment 7 by dchan@chromium.org, Feb 2 2018

Cc: kmshelton@chromium.org
Labels: TEST-kmshelton
Please file test review ASAP, no need to wait for code complete.

To file test review:
1- File a test review request at: http://go/cros-launch-test
2- Set the test review request as blocking of this launch bug.
3- Add testreview-{bugNumber} label

Test review contact will be kmshelton@

Blockedon: 811549
Cc: mnissler@chromium.org
Mattias, is this something that you think Allen can take a look at?
Labels: -Launch-Security-NotReviewed Launch-Security-No
Current security perspective: The existing implementation we use for Google corp is not compatible with our Chrome OS user isolation story. More background here: https://docs.google.com/document/d/1CjnW8n4JfI4Ffi9xtV0RB-1tZQVVe8yedFUT2Yny76c/edit 

This needs to be figured out before launch, so flagging Launch-Security-No for now to raise awareness.
Labels: -Launch-M-Target-66-Dev -Launch-M-Target-66-Beta -Launch-M-Target-66-Stable M-67 Launch-M-Target-67-Dev Launch-M-Target-67-Beta Launch-M-Target-67-Stable
Given security-no and that implementation hasn't started, punting to M67.
We'll build the intended UI to work with the experimental Google corp version, but hold off on any public launch until security concerns are resolved.
Cc: dskaram@chromium.org
> Launch-Security-No
> Current security perspective: The existing implementation we use 
> for Google corp is not compatible with our Chrome OS user isolation story.

Given this was the UI bug, I don't think the pointed limitation really affects it.

(and btw, the 'existing implementation' works *exactly* the same way as a Yubikey nano which is blessed, so 'not compatible' is a strong stance for the desired enhancements)

> Given security-no and that implementation hasn't started, punting to M67.
> We'll build the intended UI to work with the experimental Google corp version,

the PRD was stating that the corp version was P0.
Cc: cbrand@google.com
> Given this was the UI bug, I don't think the pointed limitation really affects it.

Is there a separate launch bug for the systems part? I'm happy to follow up there if that is more appropriate.

> (and btw, the 'existing implementation' works *exactly* the same way as a Yubikey nano which is blessed, so 'not compatible' is a strong stance for the desired enhancements)

The difference is in built-in vs. external and the user expectations (as described in the doc)

> the PRD was stating that the corp version was P0.

Corp as in google corp? Or for enterprises? The security team is OK with the former (where the security model tolerates always-connected or built-in devices), but not with the latter (where security keys are generally seen as per-user 2FA).

cbrand@google.com for his perspective as well.
Labels: ScopeReview-Yes

Comment 15 by dchan@chromium.org, Mar 12 2018

Cc: dchan@chromium.org

Comment 16 by dchan@chromium.org, Mar 19 2018

Labels: Launch-Test-No
Change launch-test to no due to lack of test review. Test review can be filed at http://go/cros-launch-test

Please see instructions elsewhere in this bug.
Labels: -Launch-M-Target-67-Dev -Launch-M-Target-67-Beta -Launch-M-Target-67-Stable
Labels: Launch-M-Target-67-Dev Launch-M-Target-67-Beta Launch-M-Target-67-Stable
Labels: -M-67 -Launch-M-Target-67-Dev -Launch-M-Target-67-Beta -Launch-M-Target-67-Stable
Labels: M-68 Launch-M-Target-68-Dev Launch-M-Target-68-Beta Launch-M-Target-68-Stable

Comment 21 by dchan@chromium.org, Mar 29 2018

Labels: -Launch-Test-NotReviewed
Labels: -M-68 -Launch-M-Target-68-Dev -Launch-M-Target-68-Beta -Launch-M-Target-68-Stable

Comment 23 by cbrand@google.com, May 2 2018

Hey folks, is this still scheduled for M68? Should we update launch-status? It's not asking for anyone to review this yet, and we've been slipping a couple of releases already? Anything I can do to help?
This has been on the back-burner until we can figure out how to address the concerns in comment #10. Even if we just shipped the UI, only Googlers would see it, so it's not a high priority IMO.
Hoping to dig into this deeper in the M70 timeframe. Any particular reason to try and get it done sooner?
FWIW, vpalatin@ and I have been iterating on a design that should cover the user binding aspect: https://docs.google.com/document/d/1oxyuzcJTn_E8njz4U0WgBs0YG3jMPhalqy7ZcPQPsUc/edit#

kerrnel@ was interested to chip in on the implementation work, but I'm not aware of ongoing implementation work yet. At this point, there's no launch timeline we can commit to.

Comment 26 by cbrand@google.com, May 4 2018

Just getting this UX fix in for Googlers would already be a *huge* win IMHO, especially since I don't think the UX work here is any more than an hour or two. Implementation of this of course is a different story, but I don't believe we should block the UX design just because of this. Is this bug just about the UX updates to CrOS, or is this for the full feature?

It's also not quite true that only Googlers are seeing this flow: *many* of our strategic enterprise customers have turned this on using the debug flags (including Reed Hastings, CEO at Netflix). They're aware of the caveats (don't share the device with others, etc).
This Launch bug covers the entire feature.

Comment 28 by amin...@google.com, May 15 2018

Labels: Launch-Exp-Leadership-NA
We've added two new bits to the Launch template - Launch-Exp-Leadership and Launch-Leadership - to capture leadership approval for new features.  The Launch-Exp-Leadership bit is meant to capture approval for Finch-based experimentation in the stable channel.  However, since Chrome OS tends not to use Finch to experiment in the stable channel, setting this bit to NA for all Chrome OS-only launches.

Ping amineer@ with any questions / concerns.

Comment 29 by amin...@google.com, May 16 2018

Labels: Launch-Leadership-NotReviewed
Per updates to go/newChromeFeature, setting new Launch-Leadership bit (meant to capture leadership approval) to NotReviewed.  Ping amineer@ for questions.
Labels: -Launch-Accessibility-NotReviewed a11y-filed Launch-Accessibility-NeedInfo
Labels: Type-Feature
[Bulk edit]: converting my launch bugs without target milestones to Feature Requests for better organizational sanity. They will retain Restrict-View-Google. Please ping me with any issues.
Components: UI>Shell>OOBE
Labels: -Pri-1 Pri-3
Owner: jessejames@chromium.org
[bulk edit] moving OOBE/Login Feature Requests to Jesse.
Labels: -TEST-kmshelton
