WebAuthentication Adoption Community Group
Presenter: Nick Steele
Duration: 5 min
WebAuthn Adoption CG
Lightning UpdateNick Steele - Co-Chair
Hey TPAC, my name is Nicholas Steele and I'm the co-chair of the WebAuthn Adoption Community Group.
And I'm here to give a lightening update on what the Adoption Community Group has been up to.
This talk is very brief, but should cover three main points.
- The WebAuthn Adoption Group is helping coordinate research and disseminate knowledge to help promote adoption of the Web Authentication standard among web developers and their relying parties.
- What we've been working on.
- How you can help!
Firstly, we want you to take away what the WebAuthn Adoption Community Group is all about.
We're mainly about coordinating research and disseminating knowledge to help promote the adoption of the WebAuthn standard among web developers and the Relying Parties that end up using them.
We're also going to cover what we've been working on as a group and how you can help as well.
WebAuthn Adoption Community Group
The Community Group was founded to help developers and businesses have a forum in which to talk about the WebAuthn API and standard, provide resources promoting adoption, and give Relying Parties guidance to the Working Group.
For a little longer overview of what the WebAuthn Community Group does and why we were founded, we try to help developers in the businesses that these developers work for have a forum in which to talk about the WebAuthn API and the standard, which we'll talk about briefly in the next couple of slides.
And we provide resources promoting adoption and help give Relying Parties, generally referred to as RPs, guidance from the Working Group and to the Working Group which is developing the standard.
State of WebAuthn
The WebAuthn standard is currently on its 2nd PR version, with version 3 in editorial. Its rapid adoption and iteration by platform vendors have left web developers with few technical resources in order to implement the standard due to the pace of development.
The WebAuthn standard was developed in the W3C a few years ago now and is currently on its second publicly recommended version with version 3 in editorial.
And its rapid adoption and iteration by platform vendors have left web developers with few technical resources that stay up to date in order to help implement the standard quickly and effectively as well.
State of WebAuthn
Representatives from platform vendors make up a majority of the contributors to the WebAuthn WG, leading to a lack of representation from relying parties and those who are supposed to implement it, however this is a common occurance across Working Groups.
Representatives from platform vendors tend to make up a majority of the contributors to the WebAuthn Working Group.
This is pretty standard and we see this often within the W3C, but this can like lead to a lack of representation from Relying Parties and those that have to implement the standard.
So while this is common, we hope to change this with the Community Group adoption model.
What We're Doing
- Providing working examples through WebAuthn.how
- Developing a "Conformance Test Suite" to help with testing and continuous integration and deployment of WebAuthn services.
- Assisting with adoption efforts being led by The FIDO Alliance and Yubico.
- Helping raise issues that developers are experiencing with platform vendors and the Working Group.
So what we're doing as an adoption Community Group is helping provide working examples of the WebAuthn standard.
And we're providing this through WebAuthn.how, and we're also providing this through conformance test suites, which will help with testing and continuous integration and deployment, generally called CICD, of WebAuthn services by Relying Parties and other developers.
So they can add these test suites to their code bases that are handling WebAuthn.
And we'll be able to verify that different authenticators and pieces of hardware will successfully work with the suite that they've created.
We've also been assisting with adoption efforts across the industry with different communities.
We work a lot with the FIDO Alliance, which maintains the CTAP2 standard.
And we work with Yubico which is a hardware authenticator vendor.
We've also helped raise issues that developers are experiencing with different platform vendors.
And we will raise them in the Working Group or directly with developers at these vendors, such as Apple, Google, Microsoft.
- Yubico is developing a MOOC (Massive Open Online Course) to help developers get started. The Community group helped review and edit some of the initial content for them.
- Community Group members helped advise a WebAuthn hackathon being led by The FIDO Alliance.
- Most StackOverflow WebAuthn questions are answered by our members!
Some of the external work we're doing outside of those code libraries is helping Yubico develop a MOOC, which is a Massive Open Online Course.
This is an education module designed to help developers get started with WebAuthn.
And the Community Group have helped review and edit some of those initial content pieces for them, and they should be actually published pretty shortly.
The Community Group members have also helped advise a WebAuthn hackathon currently being run by the FIDO Alliance with a majority of the group members coming from Korea.
We've been helping more than four or five different projects succeed in the hackathon and look forward to seeing their work be published as well shortly.
Also, most Stack Overflow WebAuthn questions are being answered by our members.
So we're helping provide public an SEOd, or search engine optimized, answers to questions that are appearing on on these public forums.
We can use your help!
- If you or someone you know is interested in writing FOSS code...
- If you're interested in WebAuthn adoption, come check us out!
- Interested in starting your own adoption group? Let us know!
We can definitely use your help while we're working on WebAuthn.how and the conformance tool suite; they're works in progress.
So if you or someone you know is interested in writing free and open source code, we can definitely use a hand.
Also, if you're interested in WebAuthn adoption yourself or for your Relying Party, or the company you work for, feel free to come check us out.
Also, we really do see these adoption groups being something that could be used as a template across the W3C organization.
While we do see platform vendors tend to make up the majority of Working Groups, there does need to be a space where we can interface with developers and the Relying Parties and other companies that want to integrate our standards.
Thanks for your time!
So if you're interested in starting your own adoption group for your standard within the W3C, let us know and we can work together and hopefully we can succeed as a group.
Thanks so much for your time.
Let me know if you have questions after this and feel free to reach out to me on Twitter @codekaiju.
And you can find our adoption group at wwww.w3.org/community/webauthn-adoption.
Thanks so much.