webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
AFAIK, in order to have terms that are defined -- e.g., `...` -- in the webauthn spec able to be used by reference in other W3C & WhatWG specs, they...
The below terms are formally undefined and we should consider defining them (and linking their occurrences to their dfn. Be sure to see also issue #358 -- there is overlap...
When a relying party wishes to use attestations, the flow is one where the site presents the UX on what is acceptable, the user gestures an authenticator to create a...
This issue is to track progress on the addition of a network transport, which is mostly happening in FIDO world. Here is a summary of progress so far: * @arnar,...
Can you help me understand the overall usernameless flow across attestation and assertion, especially in the context of maintaining user privacy? The main thing I'm trying to figure out is...
As I recall, we've verbally discussed the question of whether the WebAuthn API ought to be available to {service, web}workers (aka "Workers") but we do not have an issue tracking...
Following the approach of the [Payment Handler API](https://www.w3.org/TR/payment-handler/), there could a way for a web application to get "installed" inside the user agent as an authenticator that end-users could then...
..pointing back to credman's [section 7.1. Website Authors](https://www.w3.org/TR/credential-management-1/#implementation-authors), which briefly & explicitly explains that trying to use `if (!navigator.credentials) ...` is suboptimal for feature detection, rather `if (!window.PublicKeyCredential) ...` ought...
When John Doe registers a new key with an RP, using a platform authenticator on a computing device, his newly generated private key is bound to that platform authenticator on...
per @tabatkins: Tab: If you're using ``, that's very likely wrong. That's for providing all the info of an autolink, when a spec doesn't provide autolinks at all. There's a...