webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
6.4.2. Language and Direction Encoding https://www.w3.org/TR/webauthn-2/#sctn-strings-langdir > Consumers of strings that may have language and direction encoded should be aware that truncation could truncate a language tag into a different,...
In level two we supported cross-origin assertions (when [allowed](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-iframe-guidance) by the top-level) but omitted cross-origin creation because there wasn't anyone with a use-case. We would like to revisit that and...
Continuation of #358. We probably can't eliminate all of these since some of them are defined externally (e.g., "credential" and "credential source"), but anyway: these many terms are a source...
6.4.2. Language and Direction Encoding https://www.w3.org/TR/webauthn-2/#sctn-strings-langdir > So the string “حبیب الرحمان” could have two different DOMString values, depending on whether the language was encoded or not. (Since the direction...
In conversations with some government RP around [national ID (aka "eID") programs](https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/identity), there seems to be a requirement that keys not be exportable or shared. That may or not be...
Let say RP decides to only support platform authenticator with RK. If RP provides authentications based on the username/password-less, the authentication option includes `allowCredentials` as an empty list. Then, with...
## Proposal I would like to propose the addition of a way for an RP ask the browser to: - Show a `create`-style prompt the user to create a new...
The following are specified in the same place: https://w3c.github.io/webauthn/#dictdef-authenticatorselectioncriteria ``` dictionary AuthenticatorSelectionCriteria { DOMString authenticatorAttachment; DOMString residentKey; boolean requireResidentKey = false; DOMString userVerification = "preferred"; }; ``` However, there is...
This mirrors [issue 914](https://github.com/fido-alliance/fido-2-specs/issues/914) on FIDO (CTAP). At the moment, there is no straightforward way to update a user's personal information (`name` and `displayName`) associated to a credential. If a...
WRT [Secure Payment Confirmation](https://chromestatus.com/feature/5702310124584960), it is possible, but am not sure how likely, that we might want to put a Note or other mention of different RP hostname mapping/handling in...
