W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2019

Re: W3C WebAuthn Recommendation schedule

From: David Waite <dwaite@pingidentity.com>
Date: Wed, 7 Aug 2019 23:23:11 -0600
Message-ID: <CA+3kW=YoeQR-awkVFewkx5wvFFFt65d+WOxf6p_K4fLRnpcrGQ@mail.gmail.com>
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: W3C Web Authn WG <public-webauthn@w3.org>, John Fontana <jfontana@yubico.com>
I'm of the opinion that there are plenty of items which are coming up for
WebAuthn deployments to justify a new WebAuthn specification. To the extent
new authenticator features affect relying parties and affect user
experience, both behaviors will need to be supported anyway.

It would be nice to have features like Cred Protect in WebAuthn Layer 2,
but it sounds like we are considering Layer 2 CR in 2-4 months, and (using
Cred Protect as an example) this email chain is AFAIK the first mention of
the term in public.

My understanding is that CTAP is a consumer of the WebAuthn specification,
and functionality needed by CTAP is contributed back as requirements to
this working group. So far, very few of these items have been publicly

Thats not to say that a final CTAP 2.1 spec is needed for WebAuthn changes
- WebAuthn is the API for exposing authenticator features. But so far there
hasn't been any W3C discourse, so it is challenging to establish them as
important requirements for Layer 2.


_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
Received on Thursday, 8 August 2019 05:23:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:06 UTC