- From: Simone Onofri <simone@w3.org>
- Date: Wed, 8 Oct 2025 19:58:49 +0200
- To: Web Authentication Working Group <public-webauthn@w3.org>
- Cc: ANTHONY J NADALIN <nadalin@prodigy.net>, Mike Jones <michael_b_jones@hotmail.com>, Christiaan Brand <cbrand@google.com>, Ian Jacobs <ij@w3.org>, Addison Phillips <addisoni18n@gmail.com>
Hi all, Regarding the joint meeting with Web Payments, we can see here the https://github.com/w3c/webpayments/wiki/Agenda%E2%80%90TPAC2025 Also, with a proposal to anticipate the discussion on Tuesday, 11 November 2025, at 15:00-16:00 in addition to also having the 16:30-18:00 slot. What do you think? Thank you, Simone > On 8 Oct 2025, at 01:32, ANTHONY J NADALIN <nadalin@prodigy.net> wrote: > > Here is the agenda for the 10/08/2025 W3C Web Authentication. WG Meeting, that will take place as a 30 minute teleconference. Remember call is at 11AM Pacific Time. Reminder that we will be using ZOOM from now on, please make sure you go to Web Authentication bi-weekly (w3.org) > > Select scribe please someone be willing to scribe so we can get down to the issues > > • Here is the link to the Level 2 Webauthn Recommendation https://www.w3.org/TR/2021/REC-webaut > • Here is the link to the Final L3 draft (use for CR) https://www.w3.org/TR/2025/WD-webauthn-3-20250127/ > • L3 Target Publication Schedule discussion (SIMONE) > • Before publishing CR and after publishing the WD > • Asks for horizontal review (after the WD), giving them a minimum of 28 days > - Demonstrate implementation, so we need to check if tests are available and, in this case, the situation is already in a good state [2] > [1] https://www.w3.org/TR/2023/WD-vc-json-schema-20231115/#revision-history > [2] https://wpt.fyi/results/webauthn?label=master&label=experimental&aligned > • Consensus to make L3 CR the L4 First Public Working Draft (Done) > • 10/15/2025 WebAuthn Meeting CANCELLED (FIDO Authenticate) > • 11/12/2025 WebAuthn Meeting CANCELLED (TPAC) > • TPAC 2025 November 10-14th Kobe Japan F2F About W3C TPAC | News and events | W3C > • Joint meeting with Web Payments WG On Tuesday afternoon (16:30-18:00) > • 2 Sessions of WebAuthn WG on Thursday (13:45-15:00 and 15:30 - 16:45) > > • Canidate Recommendation open pull requests and open issues > > • L3 Candidate Recommendation Milestone > • Prepare for CR · Issue #2225 · w3c/webauthn > • [L3 CR] Horizontal Review: Security & Privacy · Issue #2244 · w3c/webauthn > • [L3 CR] Horizontal Review: Internationalization (i18n) · Issue #2245 · w3c/webauthn > • [L3 CR] Horizontal Review: Accessibility · Issue #2246 · w3c/webauthn > • [L3 CR] Horizontal Review: TAG Design Reviews · Issue #2247 · w3c/webauthn > • [L3 CR] Horizontal Review: Wide Review · Issue #2248 · w3c/webauthn > • [L3 CR] Implementation Requirements · Issue #2249 · w3c/webauthn > > • L4 Pull requests > • Pull requests · w3c/webauthn > • Add Immediate Mediation by kenrb · Pull Request #2291 · w3c/webauthn > • Add a new optional `rpId` to Credential Record by MasterKale · Pull Request #2258 · w3c/webauthn > • Exclude all platform authenticators that use self attesation from hav… by zacknewman · Pull Request #2150 · w3c/webauthn > • Add new error codes by MasterKale · Pull Request #2095 · w3c/webauthn > • Add "sign" extension by emlun · Pull Request #2078 · w3c/webauthn > > > > • L4 Issues > • Issues · w3c/webauthn > • Section 6.5.5. should be moved to section 6.6. · Issue #2318 · w3c/webauthn > • Add onlyCreate to prevent creation of a new key for existing user · Issue #2313 · w3c/webauthn > • Explainer for Level 4 · Issue #2297 · w3c/webauthn > • Conditional creation incompatible with `uvInitialized` semantics in Chapter 7? · Issue #2295 · w3c/webauthn > • Update Credential Record to suggest storing RP ID as well for better Related Origins support · Issue #2257 · w3c/webauthn > • Allow immediate mediation · Issue #2228 · w3c/webauthn > • `credProps` output directions contradict notes · Issue #2213 · w3c/webauthn > • "Verify" is undefined · Issue #2208 · w3c/webauthn > • JSON parsing should be on top of Infra primitives · Issue #2207 · w3c/webauthn > • Use of "valid domain" seems wrong · Issue #2206 · w3c/webauthn > • Usage of "effective domain" seems wrong · Issue #2205 · w3c/webauthn > • Handling of non-fully active documents for PublicKeyCredential methods · Issue #2184 · w3c/webauthn > • [Editorial] platform authenticator relationship to WebAuthn Client and Client Device · Issue #2164 · w3c/webauthn > • Add AAGUID to credProps · Issue #2157 · w3c/webauthn > • Add `challengeUrl` · Issue #2152 · w3c/webauthn > • Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn > • Allow Conditional Mediation without autofill · Issue #2144 · w3c/webauthn > • UTF-8 decode should not be required for response.clientDataJSON and cData · Issue #2100 · w3c/webauthn > • Return more nuanced errors · Issue #2096 · w3c/webauthn > • [[Create]] should not access the global object directly · Issue #2092 · w3c/webauthn > • Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn > • excludeCredentials on Get · Issue #2057 · w3c/webauthn > • CollectedClientData serialization is confusing WebIDL and/or Infra values for ECMAScript values · Issue #2056 · w3c/webauthn > • Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. · Issue #2053 · w3c/webauthn > • Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn > • Update Authenticator Taxonomy examples section · Issue #1912 · w3c/webauthn > • Clarify the need for truly randomly generated challenges (aka challenge callback issue) · Issue #1856 · w3c/webauthn > • Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn > • Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn > • Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn > • Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn > • Switch to permissive copyright license? · Issue #1705 · w3c/webauthn > • Platform Errors for attestations. · Issue #1697 · w3c/webauthn > • Should an RP be able to provide finer grained authenticator filtering in attestation options? · Issue #1688 · w3c/webauthn > • Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key · Issue #1678 · w3c/webauthn > • Trailing position of metadata · Issue #1646 · w3c/webauthn > • [Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn > • Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthnRegarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn > • Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn > • Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthnSupport for remote desktops · Issue #1577 · w3c/webauthn > • CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn > • Support for remote desktops · Issue #1577 · w3c/webauthn > • double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn > • Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn > • Clearly define the way how RP handles the extensions · Issue #1258 · w3c/webauthn > • export definitions? · Issue #1049 · w3c/webauthn > > • Other open issues or discussions > • Adjourn
Received on Wednesday, 8 October 2025 17:59:27 UTC