W3C home > Mailing lists > Public > public-credentials@w3.org > April 2018

Re: Question: WebAuthn announcement -- relation to DIDs?

From: Andrew Hughes <andrewhughes3000@gmail.com>
Date: Thu, 12 Apr 2018 10:19:04 -0700
Message-ID: <CAGJp9UZJ=WKT93b4GhRLvaSC6ErpLu1mnChr=ehED8fb4k09VQ@mail.gmail.com>
To: Adam Powers <adam@fidoalliance.org>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>, Steven Rowat <steven_rowat@sunshine.net>
At the Internet Identity Workshop (IIW) last week in Mountain View, there
were some sessions discussing exactly this topic - how should WebAuthn and
Verifiable Credentials and Credentials Community Group work together -
leaders from each of the efforts were in attendance.

andrew.

*Andrew Hughes *CISM CISSP
*In Turn Information Management Consulting*

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000@gmail.com
ca.linkedin.com/pub/andrew-hughes/a/58/682/
*Identity Management | IT Governance | Information Security *

On Thu, Apr 12, 2018 at 10:08 AM, Adam Powers <adam@fidoalliance.org> wrote:

> The quickest summary: WebAuthn is a way of generating public key pairs,
> storing a public key on a server and the private key in an "authenticator",
> and later using that key pair for authentication to a service.
>
> Insofar as DID is storing a public key in a DID document, that public key
> can be generated by WebAuthn and stored by DID. The most obvious overlap
> between DID and WebAuthn would be using WebAuthn as the mechanism for
> DIDAuth -- although there is still some work that needs to happen there to
> define and align the specs. In my perspective, they should be complimentary
> and not competitive.
>
> I hope that helps.
>
> Adam Powers,
> Technical Director, FIDO Alliance
>
>
>
> On April 12, 2018 at 9:24:03 AM, Steven Rowat (steven_rowat@sunshine.net)
> wrote:
>
> Greetings,
>
> The Guardian yesterday had a story of what appears to be a major
> announcement about how WebAuthn will replace passwords:
>
> https://www.theguardian.com/technology/2018/apr/11/
> passwords-webauthn-new-web-standard-designed-replace-login-method
>
> This included a quote showing that this is a W3C project:
>
> “WebAuthn will change the way that people access the Web,” said Jeff
> Jaffe, chief executive of the World Wide Web Consortium (W3C), the
> body that controls web standards."
>
> And after looking at the recent API spec itself, I see that it's a
> FIDO project, and so supported by Google, Microsoft, Paypal, and also
> Mozilla:
>
> http://www.w3.org/TR/2018/CR-webauthn-20180320/
>
> My Question:
>
> Is there any expected or known relationship between WebAuthn and the
> use of DIDs? ie., Can WebAuthn be used with DIDs? Will the uptake of
> WebAuthn preclude or inhibit the use of DIDs?
>
> ie., Are DID Docs and WebAuthn in competition, or are they complementary?
>
> Steven
>
>
>
>
>
>
Received on Thursday, 12 April 2018 17:19:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:26 UTC