Archive for August, 2017

Web Authentication Working Draft rev 6 (WD-06)

Thursday, August 17th, 2017

Web Authentication Working Draft rev 6 (WD-06) is officially published here: https://www.w3.org/TR/2017/WD-webauthn-20170811/

NOTE: the latest official WebAuthn spec release is always available here: https://www.w3.org/TR/webauthn/ (so this presently yields WD-06)

Please also note that this spec is a Working DRAFT and will change, possibly in “breaking” ways.

WebAuthn WD-06 features several subtle-but-important changes from the prior version:
* The specification of the WebAuthn Relying Party Identifier (RP ID), and its processing, is corrected.
* Refined handling of authenticator transports in the #getAssertion algorithm
* Support for discovery of available platform authenticators
* Use of COSE algorithm identifiers and the COSE_Key format [RFC8152] for conveyance of the attested Credential Public Key (aka User Public Key).
* Attestation clarifications.
* Refined authenticator selection at credential creation time, and signaling of successful user verification at either credential creation time or assertion generation time.

HTML “inline” Diff: http://kingsmountain.com/doc/diff/diff-webauthn-index-master-tr-598ac41-WD-06–from–dda3e24-WD-05.html

PDF side-by-side text-only Diff: http://kingsmountain.com/doc/diff/diff-webauthn-index-master-tr-598ac41-WD-06–from–dda3e24-WD-05.pdf

WD-06 Release Page at github: https://github.com/w3c/webauthn/releases/tag/WD-06-20170811