webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
## Proposed Change As discussed on multiple working group calls, this would be an alternative approach to address the user verification caching concerns raised by passkey providers and relying parties....
This relates indirectly to #799. Currently, WebAuthn signatures are constructed in a 'special' way, which includes a hash of the user-provided data and another parameters. Generally, this is: `dataToBeSigned From...
Step 24 in Section 7.1. Registering a New Credential refers to Step 21 and 22 for verification result and trust path respectively, where those are renumbered and are step 22...
## Proposed Change The current spec says that `credentialRecord.transports` is RECOMMENDED but I can't find a reference for when to use it. I believe this was lost in https://github.com/w3c/webauthn/pull/1773 where...
## Description WebAuthn UIs for registration in browsers are typically intrusive. This presents a challenge for sites that are transitioning from usernames and passwords because RPs have to find the...
Addresses #1925 *** Preview | Diff
With the original txAuthSimple extension included in WebAuthn-Level 1 (https://www.w3.org/TR/webauthn-1/#sctn-simple-txauth-extension), authenticator could display transaction text. With secure payment confirmation (SPC) the browser can be used to show payment details and...
As per processing in https://w3c.github.io/webauthn/#CreateCred-async-loop, the AAGUID is zeroed out if a none attestation is given. However, at least for the platform authenticator, WebKit is the only one to actually...
Steps 7.2.7 and 7.2.8 disappeared from the [latest version](https://w3c.github.io/webauthn/#sctn-verifying-assertion). The remained steps shifted by 2.
