The FIDO Alliance has completed the CTAP 2.2 Specification. The closely-related third version of the W3C Web Authentication (WebAuthn) specification is also nearing final status; this WebAuthn Level 3 working draft is currently going through the review steps to become a W3C Recommendation.
So what’s new in the third versions?
Changes between CTAP 2.1 and CTAP 2.2 are:
- Creation option with a prioritized list of supported attestation formats (attestationFormatsPreference)
- PersistentPinUvAuthToken State
- Set PIN Complexity Policy
- JSON-based Messages
- Hybrid Transports
- Large Blob Extension (largeBlob)
- PIN Complexity Extension (pinComplexityPolicy)
- HMAC Secret MakeCredential Extension (hmac-secret-mc)
- Third-Party Payment Authentication Extension (thirdPartyPayment)
Changes between WebAuthn Level 2 and the WebAuthn Level 3 working draft are described in the document’s Revision History.
Completing these V3 specifications represents important progress in our quest to free us from the password!
Leave a Reply
You must be logged in to post a comment.