Converged Use Cases for the Credential Management API

• Upcoming
• Tentative
• Breakout Sessions

The Credential Management API has rapidly evolved into a critical component of identity on the web. From enabling seamless passkey experiences via WebAuthn to integrating federated identity flows through FedCM, facilitating SMS OTPs with WebOTP, and now facilitating the exchange of verifiable digital credentials via the Digital Credentials API, its scope continues to expand. This proliferation of capabilities sparks a critical discussion: how can these individual strengths be synergized for richer, more secure, and user-friendly identity experiences?

This session aims to explore three key scenarios: first, the concept of multi-type credential for sign-in requests, for example allowing a single API call to solicit a passkey, a password or a federated identity, second, a multi-type credential for identity attributes, for example allowing a single API call to solicit either a federated assertion or a digital credential based on the application's needs; and third, the potential for a method that combines identity claim acquisition (e.g., name and verified email via federation) with simultaneous passkey creation, streamlining initial sign-up and subsequent passwordless authentication.

Agenda

Chairs:
Tim Cappalli, Sam Goto

Description:
The Credential Management API has rapidly evolved into a critical component of identity on the web. From enabling seamless passkey experiences via WebAuthn to integrating federated identity flows through FedCM, facilitating SMS OTPs with WebOTP, and now facilitating the exchange of verifiable digital credentials via the Digital Credentials API, its scope continues to expand. This proliferation of capabilities sparks a critical discussion: how can these individual strengths be synergized for richer, more secure, and user-friendly identity experiences?

This session aims to explore three key scenarios: first, the concept of multi-type credential for sign-in requests, for example allowing a single API call to solicit a passkey, a password or a federated identity, second, a multi-type credential for identity attributes, for example allowing a single API call to solicit either a federated assertion or a digital credential based on the application's needs; and third, the potential for a method that combines identity claim acquisition (e.g., name and verified email via federation) with simultaneous passkey creation, streamlining initial sign-up and subsequent passwordless authentication.

Goal(s):
Ideation and requirements gathering

Materials:

• Session proposal on GitHub

Joining Instructions

Instructions are restricted to W3C users . You need to log in to see them.

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

• Download as ics