[transition] PR Request for Web Authentication:
 An API for accessing Public Key Credentials 
Level 2

This is a transition request for a new Proposed Recommendation
  PR Request for Web Authentication:
 An API for accessing Public Key Credentials 
Level 2
from https://github.com/w3c/transitions/issues/315

# Document title, URLs, estimated publication date
Web Authentication: An API for Accessing Public Key Credentials Level 2
Estimated pub-date: 19 02 2021
Staged: https://www.w3.org/TR/2021/PR-webauthn-2-20210218/

# Abstract
This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.

# Status

# Link to group's decision to request transition

# Changes
since CR, all editorial:
* Updated a superseded reference (CBOR, RFC 7049->8949)
* Removed an empty section, which caused some internal reference renumbering
* Updated non-normative example code
* Added a non-normative accessibility considerations section
* Updated editors listing


# Requirements satisfied

# Wide Review
**Web Payments WG**
 “The Web Authentication WG and the Web Payments WG launched a joint task force in October 2019 to help ensure that  payments use cases can be addressed by Web Authentication. Although this collaboration has not involved formal review of Web Authentication Level 2, it has involved usage of the specification and led to a number of feature proposals, including:
   1) The ability to call Web Authentication get() from within an iframe. This is a common coding pattern in the payment industry, where the payment service provider code runs in an iframe in the merchant page.
   2) Secure Payment Confirmation (SPC), which “marries” Web Authentication and Payment Request API to
       improve the user experience. This work is motivated in particular by regulatory requirements in Europe (PSD2) involving both strong customer authentication (SCA) and transaction confirmation (“dynamic linking”).
In short, the Web Payments Working Group is an active consumer of Web Authentication and has engaged payments industry stakeholders around the adoption of Web Authentication."

[issues addressed](https://github.com/w3c/webauthn/issues?q=is%3Aissue+label%3Aprivacy-needs-resolution)

[Security Review Request for WebAuthn Level 2](https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0074.html) (Monday, 19 October) -- no issues

[Review Requested](https://github.com/w3c/i18n-request/issues/132) and [Editorial issues filed](        https://github.com/w3c/webauthn/issues?q=is%3Aissue+label%3Ai18n-needs-resolution)

**APA WG**
 [Accessibility Review Request for WebAuthn Level 2](https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0076.html) (Monday, 19 October)

# Issues addressed
Editorial issues will move to Level 3

# Formal Objections

# Implementation
Two Browser implementations: Chrome and Edge
Implementation report (from WPT tests: https://www.w3.org/2020/12/webauthn-report.html )

# Patent disclosures
February 20 2021: Last day of the 60 day exclusion opportunity that began from Candidate Recommendation

This email was generated automatically using https://github.com/w3c/transition-issues-bot

Received on Thursday, 18 February 2021 21:23:32 UTC