The W3C WebAuthn and FIDO2 working groups have been busy this year preparing to finish second versions of the W3C Web Authentication (WebAuthn) and FIDO2 Client to Authenticator Protocol (CTAP) specifications. While remaining compatible with the original standards, these second versions add additional features, among them for user verification enhancements, manageability, enterprise features, and an Apple attestation format. Near-final review drafts of both have been published:
- Web Authentication: An API for accessing Public Key Credentials, Level 2, W3C Candidate Recommendation Snapshot, 22 December 2020
- Client to Authenticator Protocol (CTAP), Review Draft, December 08, 2020
Expect these to become approved standards in early 2021. Happy New Year!