webauthn
Web Authentication: An API for accessing Public Key Credentials
[draft-ietf-jose-fully-specified-algorithms](https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/) has received "IANA OK" and thus seems close to finalized. We should update the defaults, recommended algorithms and examples to use these new identifiers as the [COSE algorithm identifiers...
5.6 states

> The [visibility](https://www.w3.org/TR/page-visibility/#visibility-states) and [focus](https://html.spec.whatwg.org/#focus) state of the [Window](https://fetch.spec.whatwg.org/#concept-request-window) object determines whether the [[[Create]](origin, options, sameOriginWithAncestors)](https://www.w3.org/TR/webauthn-2/#dom-publickeycredential-create-slot) and [[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)](https://www.w3.org/TR/webauthn-2/#dom-publickeycredential-discoverfromexternalsource-slot) operations should continue. When the [Window](https://fetch.spec.whatwg.org/#concept-request-window) object associated...
https://github.com/w3ctag/design-reviews/
For example, https://w3c.github.io/webauthn/#sctn-registering-a-new-credential has a step that reads

> Verify that the value of C.[type](https://w3c.github.io/webauthn/#dom-collectedclientdata-type) is webauthn.create.

but it's not at all clear what this means or what should happen...
[`credProps`](https://w3c.github.io/webauthn/#credprops) states the following for the output:

> **Client extension output**
> [Set](https://infra.spec.whatwg.org/#map-set) [`clientExtensionResults`](https://w3c.github.io/webauthn/#credentialcreationdata-clientextensionresults)`["`[`credProps`](https://w3c.github.io/webauthn/#dom-authenticationextensionsclientoutputs-credprops)`"]["rk"]` to the value of the _requireResidentKey_ parameter that was used in the [invocation](https://w3c.github.io/webauthn/#CreateCred-InvokeAuthnrMakeCred) of the [authenticatorMakeCredential](https://w3c.github.io/webauthn/#authenticatormakecredential)...
## Proposed Change

An RP that wants to use Related Origins during authentication would benefit greatly from storing with a credential the RP ID that was specified during its registration....
# Communication

[Draft communication](https://docs.google.com/document/d/1MAtG0bIrtzy25bk2RgjF6rYdUaYbWFIYmrhSZBbUVqk/edit?tab=t.0) (if you like to edit, just ask for permission)

# Recipients (from [the charter](https://www.w3.org/2024/04/wg-webauthn-charter.html#coordination)):

## W3C Groups

[Web Application Security Working Group](https://www.w3.org/groups/wg/webappsec/) Coordination with Credential Management...
https://w3c.github.io/i18n-drafts/techniques/shortchecklist

This short review is for the following spec: [webauthn-3](https://www.w3.org/TR/2025/WD-webauthn-3-20250127/).

1. [ ] _If the spec (or its implementation) contains any natural language text that will be read by a...
https://www.w3.org/TR/security-privacy-questionnaire/

Draft to be used: https://www.w3.org/TR/2025/WD-webauthn-3-20250127/

L2 request: https://lists.w3.org/Archives/Public/public-web-security/2020Oct/0007.html
https://www.w3.org/International/review-request