W3C home > Mailing lists > Public > public-credentials@w3.org > April 2018

Re: Question: WebAuthn announcement -- relation to DIDs?

From: Adam Powers <adam@fidoalliance.org>
Date: Thu, 12 Apr 2018 13:08:21 -0400
Message-ID: <CACu+4ctUwM8YXH6-v2HJEtejk37s9MJ+YSUVKzDegWGKd4mewA@mail.gmail.com>
To: public-credentials@w3.org, Steven Rowat <steven_rowat@sunshine.net>
The quickest summary: WebAuthn is a way of generating public key pairs,
storing a public key on a server and the private key in an "authenticator",
and later using that key pair for authentication to a service.

Insofar as DID is storing a public key in a DID document, that public key
can be generated by WebAuthn and stored by DID. The most obvious overlap
between DID and WebAuthn would be using WebAuthn as the mechanism for
DIDAuth -- although there is still some work that needs to happen there to
define and align the specs. In my perspective, they should be complimentary
and not competitive.

I hope that helps.

Adam Powers,
Technical Director, FIDO Alliance

On April 12, 2018 at 9:24:03 AM, Steven Rowat (steven_rowat@sunshine.net)


The Guardian yesterday had a story of what appears to be a major
announcement about how WebAuthn will replace passwords:


This included a quote showing that this is a W3C project:

“WebAuthn will change the way that people access the Web,” said Jeff
Jaffe, chief executive of the World Wide Web Consortium (W3C), the
body that controls web standards."

And after looking at the recent API spec itself, I see that it's a
FIDO project, and so supported by Google, Microsoft, Paypal, and also


My Question:

Is there any expected or known relationship between WebAuthn and the
use of DIDs? ie., Can WebAuthn be used with DIDs? Will the uptake of
WebAuthn preclude or inhibit the use of DIDs?

ie., Are DID Docs and WebAuthn in competition, or are they complementary?

Received on Thursday, 12 April 2018 17:08:48 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:47 UTC