Information

Web platform features to enable biometric liveness detection
  • Upcoming
  • Tentative
  • Breakout Sessions

Meeting

Event details

Date:
Japan Standard Time
Status:
Tentative
Location:
R04
Participants:
Will Morgan, Darwin Yang
Big meeting:
TPAC 2025 (Calendar)

The advent of Passkeys and Face ID on the web has been a huge boost to security and simplicity for verifying returning users.

However, there remain the questions of:

  1. How can an institution can confirm the authentic identity of an end user when registering these credentials?
  2. What would happen if a user lost their passkey-bearing device?
  3. How could a web-based, shared user device handle multiple identities without requiring those people to hold devices.

The established answer is biometric ID verification where a facial comparison of an identity document and selfie image are made, in addition to liveness checks to prevent presentation and deepfake injection attacks. Many offerings exist today, including from established tech firms such as Amazon and Microsoft.

The Web platform is well-positioned to perform these sorts of ID check ceremonies since it doesn't require heavy apps to be downloaded for what is usually a one-time task, and key tenets of the platform are to provide an accessible, democratised and powerful way to interact with digital services - important to avoid "digital deserts" and to enable people in all geographies, of any demographic, to interact with civic services, financial institutions and so on.

Today, the best experience is afforded to users of native apps due to the availability of several features that the Web platform doesn't have any, or uniform API support for.

Here are some examples we could improve on:

  1. Reading the current lighting environment via ambient light or EXIF data - useful for guiding users to submit good quality imagery for checking.
  2. Boosting screen brightness, if needed, for the duration of the image capture.
  3. Detecting the presence of and accessing any infrared cameras.

Agenda

Chairs:
Will Morgan

Description:
The advent of Passkeys and Face ID on the web has been a huge boost to security and simplicity for verifying returning users.

However, there remain the questions of:

  1. How can an institution can confirm the authentic identity of an end user when registering these credentials?
  2. What would happen if a user lost their passkey-bearing device?
  3. How could a web-based, shared user device handle multiple identities without requiring those people to hold devices.

The established answer is biometric ID verification where a facial comparison of an identity document and selfie image are made, in addition to liveness checks to prevent presentation and deepfake injection attacks. Many offerings exist today, including from established tech firms such as Amazon and Microsoft.

The Web platform is well-positioned to perform these sorts of ID check ceremonies since it doesn't require heavy apps to be downloaded for what is usually a one-time task, and key tenets of the platform are to provide an accessible, democratised and powerful way to interact with digital services - important to avoid "digital deserts" and to enable people in all geographies, of any demographic, to interact with civic services, financial institutions and so on.

Today, the best experience is afforded to users of native apps due to the availability of several features that the Web platform doesn't have any, or uniform API support for.

Here are some examples we could improve on:

  1. Reading the current lighting environment via ambient light or EXIF data - useful for guiding users to submit good quality imagery for checking.
  2. Boosting screen brightness, if needed, for the duration of the image capture.
  3. Detecting the presence of and accessing any infrared cameras.

Goal(s):
Gauge interest in reviving existing proposals such as ambient light sensor, screen brightness. Detecting types of camera via MediaDevices API.

Materials:

Joining Instructions

Instructions are restricted to W3C users . You need to log in to see them.

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

Feedback

Report feedback and issues on GitHub.