The eighth working draft of the W3C Web Authentication (WebAuthn) specification has been published. The WebAuthn working group plans to submit this draft for approval by the W3C Director (Tim Berners-Lee) to become a W3C Candidate Recommendation (CR), after a few days’ review by the working group.

This milestone represents a huge step towards enabling logins to occur using public/private key pairs securely held by authenticators, rather than passwords. Its contents have been informed by what we learned during several rounds of interop testing by multiple browser and authenticator vendors. The Web Authentication spec has also progressed in parallel with and been kept in sync with the FIDO 2 Client To Authenticator Protocol (CTAP) specification, so that they work well together.

You must be logged in to post a comment.

Musings on Digital Identity

W3C Web Authentication (WebAuthn) specification almost a Candidate Recommendation (CR)

Leave a Reply

W3C Web Authentication (WebAuthn) specification almost a Candidate Recommendation (CR)

CBOR Web Token (CWT) draft addressing IETF last call comments

CBOR Web Token (CWT) spec addressing IESG comments

Leave a Reply