Web Authentication Working Draft rev 7 (WD-07) is officially published here: https://www.w3.org/TR/2017/WD-webauthn-20171205/
NOTE: the latest official WebAuthn spec release is always available here: https://www.w3.org/TR/webauthn/ (so this presently yields WD-07)
Please also note that this spec is a Working DRAFT and will change, possibly in "breaking" ways.
WebAuthn WD-07 features many changes from the prior version, here's a selected list (for details, see the diffs linked-to below):
Updated terminology to match and leverage the Credential Management spec.
Updated [[Create]] and [[DiscoverFromExternalSource]] internal methods to match arguments with those supplied by Credential Management. Note: Credman PR w3c/webappsec-credential-management#100 is related and not completed at this time.
- Explicitly facilitate roaming/external authenticator "hot-plugging" during registration and authentication operations.
- Further refined RP ID handling.
- added a type field to CollectedClientData to avoid potential signature confusion issues.
- added abort signal processing.
- added notion of "effective user verification requirement for assertion"
- added notion of RP-asserted "Attestation Conveyance Preference".
- added "user handle" notion. The "user handle" is "plumbed-through" from the RP, to the authenticator, and back to the RP. This is useful for some RP use cases.
- Facilitate discovery of "Availability of User-Verifying Platform Authenticators". This is useful for some RP use cases.
authenticator operations clarifications/polishing
- added or refined various features to match those listed above, e.g., requiring resident private key, user presence test, and user verification requirement.
- added detailed signature counter considerations.
Clarified attestation object generation.
Refined relying party operations.
Daisydiff-style rendered HTML "inline" Diff: http://kingsmountain.com/doc/diff/diff-webauthn-WD-07--from--WD-06.html
kdiff3-style PDF side-by-side text-only Diff: http://kingsmountain.com/doc/diff/diff-webauthn-WD-07--from--WD-06.pdf
WD-07 Release Page at github: https://github.com/w3c/webauthn/releases/tag/WD-07-20171205