Closed
In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments.
- Name of spec to be reviewed: Web Authentication
- URL of spec: https://www.w3.org/TR/2025/WD-webauthn-3-20250127/
- Does your document have an in-line Security Considerations section, ideally one separate from the Privacy Considerations? If not, correct that before proceeding further. yes
- What and when is your next expected transition? after the end of the review period
- What has changed since any previous review? new review
- Please point to the results of your own self-review (see https://w3ctag.github.io/security-questionnaire/)
- General: https://github.com/w3c/webauthn/wiki/Security-and-Privacy-Self%E2%80%90Review:-WebAuthn-L1,-L2,-L3
- PublicKeyCredential Signal methods: https://github.com/w3c/webauthn/wiki/Security-&-privacy-self-review:-PublicKeyCredential-signal-methods
- WebAuthn Large Blob Extension https://github.com/w3c/webauthn/wiki/Security-&-privacy-self-review:-WebAuthn-Large-Blob-Extension
- Client Hints https://github.com/w3c/webauthn/wiki/Security-&-Privacy-Self%E2%80%90Review:-Client-Hints
- Related Origin Requests https://github.com/w3c/webauthn/wiki/Security-&-Privacy-Self%E2%80%90Review:-Related-Origin-Requests
- Where and how to file issues arising? https://github.com/w3c/webauthn/issues [group ref: "[L3 CR] Horizontal Review: Security & Privacy", webauthn#2244]
- Pointer to any explainer for the spec?
- All explainers are in the Wiki: https://github.com/w3c/webauthn/wiki
Other comments:
- Threat Model here: https://fidoalliance.org/specs/common-specs/fido-security-ref-v2.1-rd-20210525.html
[cc'ing @nadalin, @timcappalli, @emlun]