- From: Jeff Hodges <jdhodges@google.com>
- Date: Tue, 25 Jun 2019 17:35:47 -0700
- To: W3C Web Authn WG <public-webauthn@w3.org>
- Message-ID: <CAOt3QXsfTOTucthxAqOiB2CBgHxC6=shxMZbZfgT3cA2A6x_cQ@mail.gmail.com>
[please let me know if I've missed anything of significance. ] WebAuthn Level 2 - W3C First Public Working Draft, 4 June 2019 <https://www.w3.org/TR/2019/WD-webauthn-2-20190604/> Diff between Webauthn L2 FPWD and L1 Recommendation: < https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2F2019%2FREC-webauthn-1-20190304%2F&doc2=https%3A%2F%2Fwww.w3.org%2FTR%2F2019%2FWD-webauthn-2-20190604%2F > Summary of WebAuthn L2 FPWD's new features relative to the WebAuthn Level 1 Recommendation: * Improved Resident Key support Satisfies the use case stated here: Indicate resident key credential "preferred" during registration and find out what the authenticator offered (https://github.com/w3c/webauthn/issues/991). Includes the new section "10.10. Credential Properties Extension (credProps)" < https://www.w3.org/TR/webauthn-2/#sctn-authenticator-credential-properties-extension>, and an updated "12.2. Registration Specifically with User-Verifying Platform Authenticator" < https://www.w3.org/TR/webauthn-2/#sctn-sample-registration-with-platform-authenticator> section. * Feature Policy integration (initial phase) See: https://www.w3.org/TR/webauthn-2/#sctn-feature-policy" PR #1214: <https://github.com/w3c/webauthn/pull/1214> * String handling clarifications See: 6.4. String Handling PR #1205: <https://github.com/w3c/webauthn/pull/1205> * Clarification of attestation limitations See: 13.3.1. Attestation Limitations PR #1095: <https://github.com/w3c/webauthn/pull/1095> * FIDO AppID extension clarifications See 10.1. FIDO AppID Extension (appid) PRs #1143 #1118 <https://github.com/w3c/webauthn/pull/1143> <https://github.com/w3c/webauthn/pull/1118> * Authenticator-supported transports can be made RP-available at credential creation time See: AuthenticatorAttestationResponse.getTransports() PR #1050: <https://github.com/w3c/webauthn/pull/1050> * "Silent authentication" is explicitly not supported in WebAuthn (at this time) PR #1140: <https://github.com/w3c/webauthn/pull/1140> * Various detail-level technical and editorial cleanups/clarifications as well as various terminology additions and clarifications -- see the above-linked diff. end
Received on Wednesday, 26 June 2019 00:36:37 UTC