Web Authentication Working Group
- Past
- Confirmed
- Group Meetings
- Past
- Confirmed
- Group Meetings
Meeting
Agenda
Power back earlier, bridge is open
L3 Target Publication Schedule discussion
- Deadline for wide review Sunday, October 27 0024
- Group Call for Consensus (CfC) to move to Candidate Recommendation, wide review is done Monday, October 28 0024
- Transition request to Candidate Recommendation Thursday, November 7 0024
L3 WD02 open pull requests and open issues
Issues · w3c/webauthn (github.com) (30 open technical issues on L3 to resolve or move to futures)
Pull requests · w3c/webauthn (github.com) (3 technical pull requests on L3 to resolve or move to futures)
Pull requests · w3c/webauthn (github.com)
- Add userName and userDisplayName to webdriver by nsatragno · Pull Request #2148 · w3c/webauthn (github.com)
- Clarify behaviour of duplicate hints by emlun · Pull Request #2145 · w3c/webauthn (github.com)
- Update Use Cases for L3 by timcappalli · Pull Request #2139 · w3c/webauthn (github.com)
- Update obsolete privacy concerns about throwing errors early by emlun · Pull Request #2134 · w3c/webauthn (github.com)
- Clarify meaning of "unless" in UP flag validation by emlun · Pull Request #2126 · w3c/webauthn (github.com)
- Cleanup: Manual References by timcappalli · Pull Request #2111 · w3c/webauthn (github.com)
- https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-02
- Clarify TPM attestation verification instructions by sbweeden · Pull Request #1926 · w3c/webauthn (github.com
Pull requests · w3c/webauthn (github.com)
- Exclude all platform authenticators that use self attesation from hav… by zacknewman · Pull Request #2150 · w3c/webauthn (github.com)
- Remove bikeshed workaround by dwaite · Pull Request #2149 · w3c/webauthn (github.com)
Issues · w3c/webauthn (github.com)
- Add `userName` and `userDisplayName` to WebDriver's `Credential Parameters` JSON object · Issue #2143 · w3c/webauthn (github.com)
- Clarify behaviour of duplicate hints · Issue #2135 · w3c/webauthn (github.com)
- Review privacy concerns around error conditions · Issue #2132 · w3c/webauthn (github.com)
- Remove rp.name · Issue #2121 · w3c/webauthn (github.com)
- CollectedClientData.crossOrigin not referenced in RP ops · Issue #2113 · w3c/webauthn (github.com)
- UTF-8 decode should not be required for response.clientDataJSON and cData · Issue #2100 · w3c/webauthn (github.com)
- [[Create]] should not access the global object directly · Issue #2092 · w3c/webauthn (github.com)
- create() and get() return an algorithm, not a credential · Issue #1984 · w3c/webauthn (github.com)
- Ambiguous instructions in the Android Key Attestation Statement Format verification procedure · Issue #1980 · w3c/webauthn (github.com)
- Are notes in webauthn normative or informative? · Issue #1979 · w3c/webauthn (github.com)
- Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON · Issue #1968 · w3c/webauthn (github.com)
- [Superset] Updating credential metadata and requesting deletion of stale credentials · Issue #1967 · w3c/webauthn (github.com)
- Should credentials requested with attestation=none include an AAGUID? · Issue #1962 · w3c/webauthn (github.com)
- Non-modal registration during conditional assertion · Issue #1929 · w3c/webauthn (github.com)
- Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn (github.com)
- Allow desired attestation format to be an ordered list · Issue #1917 · w3c/webauthn (github.com)
- Describe packed enterprise attestation · Issue #1916 · w3c/webauthn (github.com)
- Misaligned steps in Section 7.2 · Issue #1913 · w3c/webauthn (github.com)
- Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn (github.com)
- Should enterprise attestation support be flagged explicitly? · Issue #1742 · w3c/webauthn · GitHub
- Discussing mechanisms for enterprise RP's to enforce bound properties of credentials · Issue #1739 · w3c/webauthn · GitHub
- Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn · GitHub
- Update top level use cases to account for multi-device credentials · Issue #1720 · w3c/webauthn · GitHub
- Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn · GitHub
- RP operations: some extension processing may assume that the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub
- Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn (github.com)
- Switch to permissive copyright license? · Issue #1705 · w3c/webauthn (github.com)
- Should an RP be able to provide finer grained authenticator filtering in attestation options? · Issue #1688 · w3c/webauthn (github.com)
- Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key · Issue #1678 · w3c/webauthn · GitHub
- Synced Credentials · Issue #1665 · w3c/webauthn · GitHub
- Cross-origin credential creation in iframes · Issue #1656 · w3c/webauthn (github.com)
- Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com)
- [Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com)
- Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthn (github.com)
- Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com)
- Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com)
- U+ notation incorrect · Issue #1641 · w3c/webauthn (github.com)
- Syncing Platform Keys, Recoverability and Security levels · Issue #1640 · w3c/webauthn (github.com)
- Possible experiences in a future WebAuthn · Issue #1637 · w3c/webauthn (github.com)
- Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com)
- CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn (github.com)
- Support for remote desktops · Issue #1577 · w3c/webauthn (github.com)
- Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)
- Support a "create or get [or replace]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com)
- Adding info about HSTS for the RPID to client Data. · Issue #1554 · w3c/webauthn (github.com)
- Making PublicKeyCredentialDescriptor.transports mandatory · Issue #1522 · w3c/webauthn (github.com)
- cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (github.com)
- Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com)
- Requesting properties of created credentials. · Issue #1449 · w3c/webauthn (github.com)
- PublicKeyCredentialParameters can't select curve (E.g. ed448) · Issue #1446 · w3c/webauthn (github.com)
- Minor cleanups from PR 1270 review · Issue #1291 · w3c/webauthn (github.com)
- Clearly define the way how RP handles the extensions · Issue #1258 · w3c/webauthn (github.com)
- export definitions? · Issue #1049 · w3c/webauthn (github.com)
- undefined terms and terms we really ought to define · Issue #462 · w3c/webauthn (github.com)
Issues · w3c/webauthn · GitHub
- Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn (github.com)
- Cross-window `Virtual Authenticator Database` · Issue #2117 · w3c/webauthn (github.com)
- Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional · Issue #2106 · w3c/webauthn (github.com)
- Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn (github.com)
- excludeCredentials on Get · Issue #2057 · w3c/webauthn · GitHub
- CollectedClientData serialization is confusing WebIDL and/or Infra values for ECMAScript values · Issue #2056 · w3c/webauthn (github.com)
- Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. · Issue #2053 · w3c/webauthn (github.com)
- New Authenticator Extension: Time Since UV · Issue #2034 · w3c/webauthn (github.com)
- Reflect caching of user gestures in WebAuthn assertion · Issue #2023 · w3c/webauthn (github.com)
- Revised txAuthSimple extension · Issue #2022 · w3c/webauthn (github.com)
- Clarify the need for truly randomly generated challenges (aka challenge callback issue) · Issue #1856 · w3c/webauthn (github.com)
- Cross origin authentication without iframes (accommodating SPC in WebAuthn) · Issue #1667 · w3c/webauthn · GitHub
Other open issues or discussions
Adjourn
Minutes
Read minutesExport options
Personal Links
Please log in to export this event with all the information you have access to.
Public Links
The following links do not contain any sensitive information and can be shared publicly.