Web Authentication Working Group

The Working Group rechartered in April 2022 with updated scope:

The Working Group will determine use cases that the API needs to support and use these to derive requirements. Success will be determined by the implementation of API features as defined in this section of the charter.

API Features in scope are:

1. Requesting generation of multiple asymmetric key pairs within a specific scope (e.g., an origin) with crypto (signature and curve) agility and crypto parameter selection;
2. Proving that the browser has possession of a specific private key, where the proof can only be done within the scope of the key pair. In other words, authentication should obey the same origin policy;
3. Remote desktop (unattended operation) ability;
4. Ability to allow a non-modal UI;
5. Binding of ambient credentials;
6. Re-authentication from the discretion of the relying party;
7. Dynamic linking of authentication credentials;
8. Storing of private key(s);
9. Account recovery and/or credential backup options;
10. Facilitate relying party adoption through additional API enhancements such as returning transport indications in assertions, a credential “durability” signal, and credential status feedback signaling from relying parties.

2022 WebAuthn WG meeting minutes. The group currently meets bi-weekly on Wednesdays.

• 12 January
• 26 January
• 9 February
• 23 February
• 9 March
• 6 April
• 20 April
• 4 May
• 18 May
• 1 June
• 9 June (F2F)
• 29 June
• 13 July
• 27 July
• 10 August

Previous years’ minutes: 2021, 2020, 2019, 2018, 2017, and 2016

W3C published Web Authentication: An API for accessing Public Key Credentials, Level 2 on 8 April, 2021. This maintenance update continues to support the Web Authentication API as the web’s most secure authentication method.

2021 WebAuthn WG meeting minutes. The group currently meets weekly on Wednesdays.

• 6 January
• 13 January
• 20 January
• 27 January
• 3 February
• 10 February
• 17 February
• 24 February
• 3 March
• 17 March
• 24 March
• 31 March
• 7 April
• Note that as of 7 April, the WG adopted an every-two-weeks meeting schedule.
• 21 April
• 05 May 2021
• 19 May 2021
• 02 Jun 2021
• 16 Jun 2021
• 30 Jun 2021
• 14 Jul 2021
• 28 Jul 2021
• 11 Aug 2021
• 25 Aug 2021
• 8 Sept 2021
• 22 Sept 2021
• 6 October 2021
• 3 November 2021
• 17 November 2021
• 1 December 2021
• 15 December 2021

• Previous years’ minutes: 2020, 2019, 2018, 2017, and 2016

The WebAuthn WG has published a Candidate Recommendation Snapshot of Web Authentication Level 2. This specification, with updates to improve usability and support, will supersede the Level 1 Recommendation.

W3C will hold TPAC 2020 as a series of virtual meetings.

WebAuthn will meet on:

WebAuthn will hold a F2F meeting Wednesday February 26th from 10:30 AM to 5:00PM (Pacific), in San Francisco, California, hosted by Cisco/Duo (details).

An agenda will be posted before the meeting.

Please confirm your attendance via email to Nick Steele.

2020 WebAuthn WG meeting minutes. The group currently meets weekly on Wednesdays.

• 8 January
• 15 January
• 22 January
• 29 January
• No meeting 5 or 12 February
• 19 February
• 26 February F2F
• 11 March
• 18 March
• 25 March
• 1 April
• 8 April
• 15 April
• 22 April
• 29 April
• 6 May
• 13 May
• 13 May
• 20 May
• 27 May
• 3 June
• 10 June
• 17 June
• 24 June
• 1 July
• 8 July
• 15 July
• 22 July
• 5 August
• 12 August
• 19 August
• 26 August
• 2 September
• 9 September
• 16 September
• 23 September
• 30 September
• 7 October
• 14 October
• 21 October
• 28 October
• 4 November
• 11 November
• 18 November
• 2 December
• 9 December
• 16 December
• End of Year: meetings will resume in 2021

Previous years’ minutes:
2019, 2018, 2017, and 2016

The Web Authentication Working Group published Web Authentication: An API for accessing Public Key Credentials Level 1 (WebAuthn) as a W3C Recommendation on March 4, 2019. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. As a core component of the FIDO Alliance’s FIDO2 set of specifications, WebAuthn is a browser/platform standard for simpler and stronger authentication. It is already supported in Windows 10, Android, and Chrome, Firefox, Edge and Safari Web browsers. Please read more in our Press Release.