2022 Recharter

The Working Group rechartered in April 2022 with updated scope:

The Working Group will determine use cases that the API needs to support and use these to derive requirements. Success will be determined by the implementation of API features as defined in this section of the charter.

API Features in scope are:

  1. Requesting generation of multiple asymmetric key pairs within a specific scope (e.g., an origin) with crypto (signature and curve) agility and crypto parameter selection;
  2. Proving that the browser has possession of a specific private key, where the proof can only be done within the scope of the key pair. In other words, authentication should obey the same origin policy;
  3. Remote desktop (unattended operation) ability;
  4. Ability to allow a non-modal UI;
  5. Binding of ambient credentials;
  6. Re-authentication from the discretion of the relying party;
  7. Dynamic linking of authentication credentials;
  8. Storing of private key(s);
  9. Account recovery and/or credential backup options;
  10. Facilitate relying party adoption through additional API enhancements such as returning transport indications in assertions, a credential “durability” signal, and credential status feedback signaling from relying parties.

Meeting Minutes, 2021

2021 WebAuthn WG meeting minutes. The group currently meets weekly on Wednesdays.

Meeting Minutes, 2020

2020 WebAuthn WG meeting minutes. The group currently meets weekly on Wednesdays.

Previous years’ minutes:
2019, 2018, 2017, and 2016

Web Authentication Level 1 is a W3C Recommendation

WebAuthn LogoThe Web Authentication Working Group published Web Authentication: An API for accessing Public Key Credentials Level 1 (WebAuthn) as a W3C Recommendation on March 4, 2019. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. As a core component of the FIDO Alliance’s FIDO2 set of specifications, WebAuthn is a browser/platform standard for simpler and stronger authentication. It is already supported in Windows 10, Android, and Chrome, Firefox, Edge and Safari Web browsers. Please read more in our Press Release.