Archive for August, 2017

Web Authentication Working Draft rev 6 (WD-06)

Thursday, August 17th, 2017

Web Authentication Working Draft rev 6 (WD-06) is officially published here:

NOTE: the latest official WebAuthn spec release is always available here: (so this presently yields WD-06)

Please also note that this spec is a Working DRAFT and will change, possibly in “breaking” ways.

WebAuthn WD-06 features several subtle-but-important changes from the prior version:
* The specification of the WebAuthn Relying Party Identifier (RP ID), and its processing, is corrected.
* Refined handling of authenticator transports in the #getAssertion algorithm
* Support for discovery of available platform authenticators
* Use of COSE algorithm identifiers and the COSE_Key format [RFC8152] for conveyance of the attested Credential Public Key (aka User Public Key).
* Attestation clarifications.
* Refined authenticator selection at credential creation time, and signaling of successful user verification at either credential creation time or assertion generation time.

HTML “inline” Diff:–from–dda3e24-WD-05.html

PDF side-by-side text-only Diff:–from–dda3e24-WD-05.pdf

WD-06 Release Page at github: