-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PR Request for Web Authentication: An API for accessing Public Key Credentials Level 2 #315
Comments
We will produce a Diff after our meeting tomorrow 17 02 2021 |
(waiting on final ack from horizontal groups) |
APA closed their issue: https://www.w3.org/2021/02/24-apa-minutes.html#t05 |
i18n closed their issue: https://lists.w3.org/Archives/Member/member-i18n-core/2021Feb/0012.html |
The cited staged version is missing the added section 15 Accessibility Considerations. (I note that the implementation report actually includes more than 2 browser engines.) Once this is fixed, transition to Proposed Rec is approved. |
Thank you @swickr. Now corrected at https://www.w3.org/TR/2021/PR-webauthn-2-20210225/ |
Document title, URLs, estimated publication date
Web Authentication: An API for Accessing Public Key Credentials Level 2
https://www.w3.org/TR/webauthn-2/
Estimated pub-date: 19 02 2021
Staged: https://www.w3.org/TR/2021/PR-webauthn-2-20210225/
Abstract
This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.
Status
CR
Link to group's decision to request transition
https://www.w3.org/2021/01/27-webauthn-minutes.html
Changes
since CR, all editorial:
https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F&doc2=https%3A%2F%2Fw3c.github.io%2Fwebauthn%2F
Requirements satisfied
Yes
Wide Review
Web Payments WG
“The Web Authentication WG and the Web Payments WG launched a joint task force in October 2019 to help ensure that payments use cases can be addressed by Web Authentication. Although this collaboration has not involved formal review of Web Authentication Level 2, it has involved usage of the specification and led to a number of feature proposals, including:
improve the user experience. This work is motivated in particular by regulatory requirements in Europe (PSD2) involving both strong customer authentication (SCA) and transaction confirmation (“dynamic linking”).
In short, the Web Payments Working Group is an active consumer of Web Authentication and has engaged payments industry stakeholders around the adoption of Web Authentication."
PING
issues addressed
Security
Security Review Request for WebAuthn Level 2 (Monday, 19 October) -- no issues
i18n
Review Requested and Editorial issues filed
APA WG
Accessibility Review Request for WebAuthn Level 2 (Monday, 19 October)
Issues addressed
Editorial issues will move to Level 3
Formal Objections
None
Implementation
Two Browser implementations: Chrome and Edge
Implementation report (from WPT tests: https://www.w3.org/2020/12/webauthn-report.html )
Patent disclosures
None
February 20 2021: Last day of the 60 day exclusion opportunity that began from Candidate Recommendation
The text was updated successfully, but these errors were encountered: