- From: Vijay Bharadwaj <vijaybh@microsoft.com>
- Date: Thu, 26 May 2016 04:52:21 +0000
- To: Mike Jones <Michael.Jones@microsoft.com>, "Hodges, Jeff" <jeff.hodges@paypal.com>
- CC: "public-webauthn@w3.org" <public-webauthn@w3.org>
- Message-ID: <ca06d4c6986e45499725704745d03bb5@microsoft.com>
LGTM Mike, thanks for putting this together. From: Mike Jones [mailto:Michael.Jones@microsoft.com] Sent: Wednesday, May 25, 2016 12:36 PM To: Hodges, Jeff <jeff.hodges@paypal.com> Cc: public-webauthn@w3.org Subject: RE: Draft blog post for FWPD announcement - PLEASE REVIEW Sounds good From: Hodges, Jeff<mailto:jeff.hodges@paypal.com> Sent: Wednesday, May 25, 2016 12:32 PM To: Mike Jones<mailto:Michael.Jones@microsoft.com> Cc: public-webauthn@w3.org<mailto:public-webauthn@w3.org> Subject: Re: Draft blog post for FWPD announcement - PLEASE REVIEW overall, looks good, thanks. on minor suggestion below... On 5/25/16, 12:09 PM, "Mike Jones" <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote: First Public Working Draft of W3C Web Authentication Specification The W3C Web Authentication working group<https://www.w3.org/blog/webauthn/> is pleased to announce the publication of the First Public Working Draft of the W3C Web Authentication specification. This is an important step towards making unphishable privacy-preserving authentication available on the Web and reducing reliance on passwords. Per the W3C process, the publication of the First Public Working Draft<http://www.w3.org/2004/02/Process-20040205/tr.html#first-wd> "is a signal to the community to begin reviewing the document". Your active reviews of the specification are solicited - particularly those based upon experiences implementing and using it. The abstract of the specification is: "This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, one or more credentials are stored on an authenticator, and each credential is scoped to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user's consent. The user agent mediates access to credentials in order to preserve user privacy. Authenticators use attestation to provide cryptographic proof of their properties to the relying party. This specification also describes a functional model of a WebAuthn compliant authenticator, including its signature and attestation functionality." This specification is derived from the November 12, 2015 member submission of FIDO 2.0 Platform Specifications<http://www.w3.org/Submission/2015/02/>. Content from the three submitted specifications has been merged into a single Web Authentication specification, also incorporating changes agreed to by the Web Authentication working group. Early implementations of this and related specifications are already available. The Microsoft Edge browser has an implementation of a slightly earlier version of the specification. Likewise, the Google Chrome and the Mozilla Firefox browsers have implementations of earlier Web authentication specifications, which will both serve as a basis for implementing the W3C Web Authentication specification. You can join the public working group mailing list at https://lists.w3.org/Archives/Public/public-webauthn/. Taking your feedback and continued editing into account, s/and continued editing// (ie, remove that clause) the working group aims to reach a stable specification draft (Candidate Recommendation) by September, 2016. We look forward to receiving your feedback on this specification!
Received on Thursday, 26 May 2016 04:52:56 UTC