Weekly github digest (WebAuthn) from W3C Webmaster via GitHub API on 2025-11-04 (public-webauthn@w3.org from November 2025)

From: W3C Webmaster via GitHub API <noreply@w3.org>
Date: Tue, 04 Nov 2025 17:00:54 +0000
To: public-webauthn@w3.org
Message-Id: <E1vGKOs-00HWdc-1n@janus.w3.internal>

Issues
------
* w3c/webauthn (+2/-2/💬18)
  2 issues created:
  - Forbid authenticator data from containing plaintext PRF outputs (by zacknewman)
    https://github.com/w3c/webauthn/issues/2359 [type:technical] 
  - [L3 CR] Transition Request Draft (by simoneonofri)
    https://github.com/w3c/webauthn/issues/2355 [type:process] 

  7 issues received 18 new comments:
  - #2355 [L3 CR] Transition Request Draft (6 by emlun, nsatragno, simoneonofri)
    https://github.com/w3c/webauthn/issues/2355 [type:process] 
  - #2350 Consider RP ID migration use cases (4 by MasterKale, nsatragno, timcappalli)
    https://github.com/w3c/webauthn/issues/2350 [stat:Discuss] [subtype:FeatureProposal] 
  - #2337 Same PRF regardless of UV? (3 by My1, zacknewman)
    https://github.com/w3c/webauthn/issues/2337 [type:technical] 
  - #2336 WebAuthn requestUserInfo -- easier account creation (2 by iinuwa, nsatragno)
    https://github.com/w3c/webauthn/issues/2336 [stat:Discuss] [type:technical] [subtype:FeatureProposal] [TPAC 2025] 
  - #2323 user verification discouraged should consider privacy impact or UA advice (1 by timcappalli)
    https://github.com/w3c/webauthn/issues/2323 [type:editorial] [privacy-tracker] 
  - #2321 privacy implications of cross-origin iframe (1 by timcappalli)
    https://github.com/w3c/webauthn/issues/2321 [type:technical] [privacy-needs-resolution] 
  - #2320 document and mitigate fingerprinting and disclosure risk of capabilities and extensions (1 by timcappalli)
    https://github.com/w3c/webauthn/issues/2320 [type:technical] [privacy-needs-resolution] 

  2 issues closed:
  - Merge changes since L3WD2 into changes since L2 https://github.com/w3c/webauthn/issues/2302 [type:editorial] [type:process] 
  - 16.2. ES256 Credential with No Attestation test vector misses extraData content https://github.com/w3c/webauthn/issues/2345 [type:editorial] 



Pull requests
-------------
* w3c/webauthn (+5/-0/💬7)
  5 pull requests submitted:
  -  (by nsatragno)
     
  -  (by timcappalli)
     
  -  (by emlun)
     
  -  (by timcappalli)
     
  -  (by timcappalli)
     

  3 pull requests received 7 new comments:
  - #2358 [Do not merge yet] Add `requestUserInfo` (1 by nsatragno)
    https://github.com/w3c/webauthn/pull/2358 
  - #2357 Additional privacy recommendations for getClientCapabilities (3 by nsatragno, timcappalli)
    https://github.com/w3c/webauthn/pull/2357 
  - #2356 Fold changes since L3WD2 into changes since L2 (3 by MasterKale, emlun)
    https://github.com/w3c/webauthn/pull/2356 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webauthn


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 4 November 2025 17:00:55 UTC