February 25th, 2021
The Web Authentication Working Group has published a Proposed Recommendation of Web Authentication: An API for accessing Public Key Credentials Level 2. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. This is Web Authentication Level 2. Substantive changes since Level 1 are:
- Added new method to allow Discoverable/Resident Credentials Preferred
- New methods added for Attestation Objects
- Added Attestation types (Enterprise, Apple)
- Added Large Blob storage and credential properties
Explanatory materials and implementation considerations have been updated as well.
Comments are welcome through 26 March 2021.