- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Mon, 19 Oct 2020 08:30:48 -0400
- To: public-web-security@w3.org
- Cc: "public-webauthn@w3.org" <public-webauthn@w3.org>
Hi Security, The Web Authentication WG requests review of Web Authentication: An API for accessing Public Key Credentials, Level 2 https://w3c.github.io/webauthn/ as it prepares for an updated CR publication. This is an incremental update to WebAuthn Level 1, https://www.w3.org/TR/2019/REC-webauthn-1-20190304/ Substantive changes since Rec: -- Added new method to allow Discoverable/Resident Credentials Preferred -- New methods added for Attestation Objects -- Added Enterprise Attestation, Apple Attestation -- Added Large Blob storage and credential properties -- Modified cross-origin iFrame usage (only 'get' command) -- Removed unused extensions (they remain in Level 1); also simple tx auth, generic tx auth, UVI, biometrics. -- Clarified some inputs and outputs in extensions -- Fixed some serialization issues with JSON parser Security Considerations: https://www.w3.org/TR/webauthn-2/#sctn-security-considerations Comments welcome on github, https://github.com/w3c/webauthn/issues Thank you, --Wendy, as WebAuthn WG team contact -- -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Strategy Lead and Counsel, World Wide Web Consortium (W3C) https://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Monday, 19 October 2020 12:30:51 UTC