- From: Anthony Nadalin <tonynad@microsoft.com>
- Date: Tue, 20 Mar 2018 11:32:54 +0000
- To: W3C Web Authn WG <public-webauthn@w3.org>
We are live, thank you all for the hard work to get to CR -----Original Message----- From: Xueyuan <xueyuan@w3.org> Sent: Tuesday, March 20, 2018 4:28 AM To: w3c-ac-forum@w3.org Cc: chairs@w3.org Subject: Web Authentication: An API for accessing Public Key Credentials Level 1 is a W3C Candidate Recommendation (Call for Implementations) Dear Advisory Committee Representative, Chairs, I am pleased to announce that "Web Authentication: An API for accessing Public Key Credentials Level 1" is a W3C Candidate Recommendation: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2F2018%2FCR-webauthn-20180320%2F&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=vZnMdXYCSCgA125wXad%2BDJXbVTdybOJiTtUaiuYJits%3D&reserved=0 The approval and publication are in response to this transition request: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.w3.org%2FArchives%2FMember%2Fchairs%2F2018JanMar%2F0096.html&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=12orCHTAy3wjFq4xelqUOFOrv%2BCQDdyfkroGd4dOf4I%3D&reserved=0 Please provide feedback by 1 May 2018 by raising issues in the working group's github repository at: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwebauthn&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=n1ubcnJlnXpffw4Vy8ymn%2FpvK%2FIFcLqNh0hxSqlO13U%3D&reserved=0 Alternatively, you may send email to the group at: public-webauthn@w3.org. There are no formal objections. Patent disclosures relevant to this specification may be found on the Web Authentication Working Group's patent disclosure page in conformance with W3C policy: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2F2004%2F01%2Fpp-impl%2F87227%2Fstatus&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=P9QaAxuoZXTuYptiXoATaiXLBXuJ5ff8VncOXV1cYq4%3D&reserved=0 This Call for Implementations follows section 6.4 "Candidate Recommendation" of the W3C Process Document: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2F2018%2FProcess-20180201%2F%23candidate-rec&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=yOe%2BK%2F1aQrFMdh%2BWnfdZsedJchaJFqrIF1rTvHpskqU%3D&reserved=0 Thank you, For Tim Berners-Lee, Director, and Philippe Le Hégaret, Project Management Lead; Xueyuan Jia, W3C Marketing & Communications ============================================== Quoting from: Web Authentication: An API for accessing Public Key Credentials Level 1 W3C Candidate Recommendation, 20 March 2018 This version: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2F2018%2FCR-webauthn-20180320%2F&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=vZnMdXYCSCgA125wXad%2BDJXbVTdybOJiTtUaiuYJits%3D&reserved=0 Latest published version: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn%2F&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=KJlRnEQR2gmQPqst1o8OoGAiCb53Kem3%2B8Gz9f9uhuc%3D&reserved=0 Abstract: This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given Relying Party, are created and stored on an authenticator by the user agent in conjunction with the web application. The user agent mediates access to public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to relying parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality. Status of this document: This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2F&data=04%7C01%7Ctonynad%40microsoft.com%7Cac075a155cf64d517d3f08d58e55bf78%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636571421293114621%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=223R%2Br1mJWUODTJ1F0pavhny7hqPum3QwVdjf98ITVQ%3D&reserved=0. For the Web Authentication specification to move to Proposed Recommendation we must show two independent, interoperable implementations of the Web Authentication API in browsers. We will also have multiple interoperable implementations of the AppID extension, validating the extensions framework. All other extensions are "at risk". If there are not multiple interoperable implementations, each may independently be removed or made informative at Proposed Recommendation. We have had two informal interoperability tests with implementations in three browsers. This document was published by the Web Authentication Working Group as a Candidate Recommendation. This document is intended to become a W3C Recommendation. Feedback and comments on this specification are welcome. Please use Github issues. Discussions may also be found in the public-webauthn@w3.org archives. W3C publishes a Candidate Recommendation to indicate that the document is believed to be stable and to encourage implementation by the developer community. The deadline for comments for this Candidate Recommendation is 1 May 2018. Publication as a Candidate Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress. This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy. This document is governed by the 1 February 2018 W3C Process Document. ==============================================
Received on Tuesday, 20 March 2018 11:33:20 UTC