W3C WebAuthn

Overview

W3C WebAuthn (or Web Authentication) defines an API enabling the creation and use of strong, attested, scoped, Public Key-based credentials by web applications, for the purpose of strongly authenticating users.

Conceptually, one or more Public Key credentials, each scoped to a given Relying Party, are created and stored on an authenticator by the User-agent in conjunction with the web application. The User-agent mediates access to Public Key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for W3C WebAuthn conformant authenticators, including their signature and attestation functionality.
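The scoping and user-consent properties described above are what a Relying Party checks on every assertion it receives. The following is an added example, not code from this page or from the specification: it checks the `clientDataJSON` and the fixed authenticator data header against the expected RP ID, origin and challenge. The function names and sample values are hypothetical and constructed for illustration, and verifying the assertion signature with the stored public key remains a separate required step.

```python
import base64
import hashlib
import json
import struct

FLAG_UP = 0x01  # bit 0 of the flags byte: user present
FLAG_UV = 0x04  # bit 2 of the flags byte: user verified


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_scope(client_data_json, auth_data, *, rp_id, origin,
                          challenge, require_uv=False):
    """Raise ValueError unless the response is bound to this RP and challenge."""
    client = json.loads(client_data_json)
    if not isinstance(client, dict) or client.get("type") != "webauthn.get":
        raise ValueError("unexpected ceremony type")
    if client.get("challenge") != b64url(challenge):
        raise ValueError("challenge mismatch")
    if client.get("origin") != origin:
        raise ValueError("origin mismatch")
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    # Fixed header: rpIdHash (32 bytes), flags (1), signCount (4, big-endian).
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("credential scoped to a different RP ID")
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if require_uv and not flags & FLAG_UV:
        raise ValueError("user verification required but not set")
    return {"flags": flags, "sign_count": sign_count}


def make_sample(rp_id, origin, challenge, flags=FLAG_UP, sign_count=7):
    """Constructed response data for the demo; not a real authenticator capture."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                      "origin": origin}).encode()
    ad = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)
    return cdj, ad


if __name__ == "__main__":
    chal = bytes(range(32))
    cdj, ad = make_sample("example.com", "https://example.com", chal)
    print(check_assertion_scope(cdj, ad, rp_id="example.com",
                                origin="https://example.com", challenge=chal))
```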

The W3C WebAuthn Working Group has closely coordinated with the FIDO Alliance to ensure that FIDO2 Client To Authenticator Protocol (CTAP) implementations will work well with WebAuthn. It has also closely coordinated with the W3C Credential Management API work.
