Sounds pretty sweet from a corp security perspective. Context Aware Access lets you do attestation at SSO time but baking device integrity further into the system would be helpful.
Unfortunately, this gives a lot of power to webpages. I'm not sure it's worth the tradeoff. This seems like something better handled by an extension, but I'll have to read the spec.