- From: Adam Powers <adam@fidoalliance.org>
- Date: Thu, 12 Apr 2018 13:08:21 -0400
- To: public-credentials@w3.org, Steven Rowat <steven_rowat@sunshine.net>
- Message-ID: <CACu+4ctUwM8YXH6-v2HJEtejk37s9MJ+YSUVKzDegWGKd4mewA@mail.gmail.com>
The quickest summary: WebAuthn is a way of generating public key pairs, storing a public key on a server and the private key in an "authenticator", and later using that key pair for authentication to a service. Insofar as DID is storing a public key in a DID document, that public key can be generated by WebAuthn and stored by DID. The most obvious overlap between DID and WebAuthn would be using WebAuthn as the mechanism for DIDAuth -- although there is still some work that needs to happen there to define and align the specs. In my perspective, they should be complimentary and not competitive. I hope that helps. Adam Powers, Technical Director, FIDO Alliance On April 12, 2018 at 9:24:03 AM, Steven Rowat (steven_rowat@sunshine.net) wrote: Greetings, The Guardian yesterday had a story of what appears to be a major announcement about how WebAuthn will replace passwords: https://www.theguardian.com/technology/2018/apr/11/passwords-webauthn-new-web-standard-designed-replace-login-method This included a quote showing that this is a W3C project: “WebAuthn will change the way that people access the Web,” said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards." And after looking at the recent API spec itself, I see that it's a FIDO project, and so supported by Google, Microsoft, Paypal, and also Mozilla: http://www.w3.org/TR/2018/CR-webauthn-20180320/ My Question: Is there any expected or known relationship between WebAuthn and the use of DIDs? ie., Can WebAuthn be used with DIDs? Will the uptake of WebAuthn preclude or inhibit the use of DIDs? ie., Are DID Docs and WebAuthn in competition, or are they complementary? Steven
Received on Thursday, 12 April 2018 17:08:48 UTC