- From: <sysbot+notifier@w3.org>
- Date: Thu, 18 Feb 2021 21:23:26 +0000
- To: public-transition-announce@w3.org
This is a transition request for a new Proposed Recommendation PR Request for Web Authentication: An API for accessing Public Key Credentials Level 2 from https://github.com/w3c/transitions/issues/315 # Document title, URLs, estimated publication date Web Authentication: An API for Accessing Public Key Credentials Level 2 https://www.w3.org/TR/webauthn-2/ Estimated pub-date: 19 02 2021 Staged: https://www.w3.org/TR/2021/PR-webauthn-2-20210218/ # Abstract This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality. # Status CR # Link to group's decision to request transition https://www.w3.org/2021/01/27-webauthn-minutes.html # Changes since CR, all editorial: * Updated a superseded reference (CBOR, RFC 7049->8949) * Removed an empty section, which caused some internal reference renumbering * Updated non-normative example code * Added a non-normative accessibility considerations section * Updated editors listing https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F&doc2=https%3A%2F%2Fw3c.github.io%2Fwebauthn%2F # Requirements satisfied Yes # Wide Review **Web Payments WG** “The Web Authentication WG and the Web Payments WG launched a joint task force in October 2019 to help ensure that payments use cases can be addressed by Web Authentication. Although this collaboration has not involved formal review of Web Authentication Level 2, it has involved usage of the specification and led to a number of feature proposals, including: 1) The ability to call Web Authentication get() from within an iframe. This is a common coding pattern in the payment industry, where the payment service provider code runs in an iframe in the merchant page. 2) Secure Payment Confirmation (SPC), which “marries” Web Authentication and Payment Request API to improve the user experience. This work is motivated in particular by regulatory requirements in Europe (PSD2) involving both strong customer authentication (SCA) and transaction confirmation (“dynamic linking”). In short, the Web Payments Working Group is an active consumer of Web Authentication and has engaged payments industry stakeholders around the adoption of Web Authentication." **PING** [issues addressed](https://github.com/w3c/webauthn/issues?q=is%3Aissue+label%3Aprivacy-needs-resolution) **Security** [Security Review Request for WebAuthn Level 2](https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0074.html) (Monday, 19 October) -- no issues **i18n** [Review Requested](https://github.com/w3c/i18n-request/issues/132) and [Editorial issues filed]( https://github.com/w3c/webauthn/issues?q=is%3Aissue+label%3Ai18n-needs-resolution) **APA WG** [Accessibility Review Request for WebAuthn Level 2](https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0076.html) (Monday, 19 October) # Issues addressed Editorial issues will move to Level 3 # Formal Objections None # Implementation Two Browser implementations: Chrome and Edge Implementation report (from WPT tests: https://www.w3.org/2020/12/webauthn-report.html ) # Patent disclosures None February 20 2021: Last day of the 60 day exclusion opportunity that began from Candidate Recommendation -- This email was generated automatically using https://github.com/w3c/transition-issues-bot
Received on Thursday, 18 February 2021 21:23:32 UTC