Credential Management Level 1
This specification describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use.
This specification describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use.
This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.
This specification defines a mechanism that allows developers to selectively enable and disable use of various browser features and APIs.
This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality
One of the main gaps that I am tackling with this activity is that many important standards are published only as PDF, without global identifiers (URLs) that can be used in requirements and test management, and without technical artefacts like datasets, schemas, test cases.
The standards I am dealing with are the W3C Verifiable Credential Data Model (VCDM) 2.0 in conjunction with the W3C Verifiable Credential Data Integrity 1.0 specification for securing VCs. The contribution of this project will be a specification for a new W3C VC Data Integrity suite, i.e. a mechanism for securing Verifiable Credentials (VCs).