The Working Group rechartered in April 2022 with updated scope:
The Working Group will determine use cases that the API needs to support and use these to derive requirements. Success will be determined by the implementation of API features as defined in this section of the charter.
API Features in scope are:
- Requesting generation of multiple asymmetric key pairs within a specific scope (e.g., an origin) with crypto (signature and curve) agility and crypto parameter selection;
- Proving that the browser has possession of a specific private key, where the proof can only be done within the scope of the key pair. In other words, authentication should obey the same origin policy;
- Remote desktop (unattended operation) ability;
- Ability to allow a non-modal UI;
- Binding of ambient credentials;
- Re-authentication from the discretion of the relying party;
- Dynamic linking of authentication credentials;
- Storing of private key(s);
- Account recovery and/or credential backup options;
- Facilitate relying party adoption through additional API enhancements such as returning transport indications in assertions, a credential “durability” signal, and credential status feedback signaling from relying parties.
2022 WebAuthn WG meeting minutes. The group currently meets bi-weekly on Wednesdays.
Previous years’ minutes: 2021, 2020, 2019, 2018, 2017, and 2016
W3C published Web Authentication: An API for accessing Public Key Credentials, Level 2 on 8 April, 2021. This maintenance update continues to support the Web Authentication API as the web’s most secure authentication method.
2021 WebAuthn WG meeting minutes. The group currently meets weekly on Wednesdays.
The WebAuthn WG has published a Candidate Recommendation Snapshot of Web Authentication Level 2. This specification, with updates to improve usability and support, will supersede the Level 1 Recommendation.
W3C will hold TPAC 2020 as a series of virtual meetings.
WebAuthn will meet on:
Oct. 7 – Joint with WPSIG / Web Authn WG and CG / 30 mins.
Oct. 14 – TPAC Web Authn meeting / 1 hour
Oct. 19-20 Joint with Web Payments / Time TBD
Oct. 21 Regular Web Authn meeting / 1 hour
26-30 October, unconference-style community breakouts.
Please register to attend.
A WebAuthn Adoption Community Group
has formed to coordinate research and actions to help with broader adoption of the Web Authentication ecosystem.
WebAuthn will hold a F2F meeting Wednesday February 26th from 10:30 AM to 5:00PM (Pacific), in San Francisco, California, hosted by Cisco/Duo (details).
An agenda will be posted before the meeting.
Please confirm your attendance via email to Nick Steele.
2020 WebAuthn WG meeting minutes. The group currently meets weekly on Wednesdays.
Previous years’ minutes:
2019, 2018, 2017, and 2016
The Web Authentication Working Group published Web Authentication: An API for accessing Public Key Credentials Level 1 (WebAuthn) as a W3C Recommendation on March 4, 2019. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. As a core component of the FIDO Alliance’s FIDO2 set of specifications, WebAuthn is a browser/platform standard for simpler and stronger authentication. It is already supported in Windows 10, Android, and Chrome, Firefox, Edge and Safari Web browsers. Please read more in our Press Release.