Re: Privacy Review Request for WebAuthn Level 2

Thanks for sending in this request Wendy. We’ve assigned the review and will be discussing the spec at our next PING meeting on 5 November 2020.

Christine

> On Oct 19, 2020, at 5:31 AM, Wendy Seltzer <wseltzer@w3.org> wrote:
> 
> Hi PING,
> 
> The Web Authentication WG requests review of Web Authentication: An API
> for accessing Public Key Credentials, Level 2
> https://w3c.github.io/webauthn/

> as it prepares for an updated CR publication.
> 
> This is an incremental update to WebAuthn Level 1,
> https://www.w3.org/TR/2019/REC-webauthn-1-20190304/

> 
> Substantive changes since Rec:
> -- Added new method to allow Discoverable/Resident Credentials Preferred
> -- New methods added for Attestation Objects
> -- Added Enterprise Attestation, Apple Attestation
> -- Added Large Blob storage and credential properties
> -- Modified cross-origin iFrame usage (only 'get' command)
> -- Removed unused extensions (they remain in Level 1); also simple tx
> auth, generic tx auth, UVI, biometrics.
> -- Clarified some inputs and outputs in extensions
> -- Fixed some serialization issues with JSON parser
> 
> Privacy Considerations:
> https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations

> 
> Comments welcome on github, https://github.com/w3c/webauthn/issues

> 
> Thank you,
> --Wendy, as WebAuthn WG team contact
> -- 
> -- 
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> Strategy Lead and Counsel, World Wide Web Consortium (W3C)
> https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
> 
> 
> 

Received on Wednesday, 21 October 2020 21:14:14 UTC