W3C

Call for Review: Web Authentication: An API for accessing Public Key Credentials Level 2 is a W3C Proposed Recommendation

The Web Authentication Working Group has published a Proposed Recommendation of Web Authentication: An API for accessing Public Key Credentials Level 2. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. This is Web Authentication Level 2. Substantive changes since Level 1 are:

  • Added new method to allow Discoverable/Resident Credentials Preferred
  • New methods added for Attestation Objects
  • Added Attestation types (Enterprise, Apple)
  • Added Large Blob storage and credential properties

Explanatory materials and implementation considerations have been updated as well.

Comments are welcome through 26 March 2021.