Week 16, 2018 - WebAuthn; Docker Registry API

By (3 minutes read)

As I spent last week wholly immersed in AWS events, it’s strange that this note doesn’t concern that. Instead, it’s all about standards with WebAuthn reaching a stage where implementations can start and Docker donating the Docker Registry API to the OCI as a standard.


The W3C advanced the FIDO Alliance’s WebAuthn proposal to the Candidate Recommendation phase, which means that it’s now ready for implementation. To summarise, WebAuthn is the spec for an API to implement different ways of authenticating themselves. Whether that is using external tokens like a Yubi key, or biometrics such as can be found in many phones these days.

As I’ve spoken often enough about passwords, and that these often get stolen, I don’t think I need to reiterate that this can become very useful. That said, I’m curious to see how this will be implemented across device. As an example, using biometric values as an example, my iPhone can only scan my face, my iPad my fingerprints, and my MacBook has neither of those. At the same time, I can’t use a Yubi key as that is incompatible with iOS devices1. Not that this particular example matters much at his stage, as while “all major browser vendors” will be implementing this, that doesn’t seem to include Apple.

Regardless, I am positive about where this might go in the future and look forward to actual implementations. While I do not doubt that some issues will need to be worked out in the long run, and that this won’t be the best and final solution, it is a good step in the right direction of improving security. And of course, this won’t do away with things like multi-factor authentication. In the end, this will just be one step in the authentication process.

Speaking of passwords, I noticed that 1Password is now giving out free Teams memberships to open source projects. If you manage one of these, it might be worth checking out their terms and conditions for it.

Docker Registry API

More and more pieces of the Docker stack are turning into standards, which can only be a good thing for interoperability. This time it is the Docker Registry API that was donated to the OCI2. If you’ve ever set up your own local registry3, you are likely familiar with how easy it is to set up a registry using the API. Even if you’ve never done that, it is hard not to use it if you work with containers as it’s the backend behind pushing and pulling containers.

Looking through the announcement I can see that the current version has only been available since 2015, but it’s hard to remember it used to be different, probably because my usage of Docker has increased a lot since those days. Many container repositories have been implemented using this API, so in some ways this move turns it from a de-facto standard into an actual one.

  1. Purely a side-effect of Apple not allowing NFC for anything other than Apple Pay. ↩︎

  2. Open Container Initiative ↩︎

  3. Which was more common before all major cloud providers offer registries as a service. ↩︎

comments powered by Disqus