Difference between revisions of "Web Authentication Levels"

From MgmtWiki
Jump to: navigation, search
(Other Material)
m (Other Material)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title==
 
==Full Title==
 +
The W3C [[Web Authentication]] standards started calling their first specification ''Level One'' knowing that extensions were coming.
 +
 
[[Web Authentication Level 2]]<ref name=balfanz>Dirk Balfanz + 19, ''Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Working Draft, 2020-07-30'' https://www.w3.org/TR/webauthn-2/#iface-pkcredential</ref> enables the creation and use of strong, attested, scoped, public key cred by web applications for strongly authenticating users.
 
[[Web Authentication Level 2]]<ref name=balfanz>Dirk Balfanz + 19, ''Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Working Draft, 2020-07-30'' https://www.w3.org/TR/webauthn-2/#iface-pkcredential</ref> enables the creation and use of strong, attested, scoped, public key cred by web applications for strongly authenticating users.
  
Line 28: Line 30:
 
* See also wiki page [[Web Authentication]]
 
* See also wiki page [[Web Authentication]]
 
* See also wiki page [[WebAuthn 2]]
 
* See also wiki page [[WebAuthn 2]]
 +
* See also wiki page [[WebAuthn 3]]
 
* See also wiki page [[Biometric Attribute]]
 
* See also wiki page [[Biometric Attribute]]
  
 +
[[Category: Glossary]]
 
[[Category: Authentication]]
 
[[Category: Authentication]]
 
[[Category: Standard]]
 
[[Category: Standard]]
 +
[[Category: Web]]

Latest revision as of 10:21, 10 October 2024

Full Title

The W3C Web Authentication standards started calling their first specification Level One knowing that extensions were coming.

Web Authentication Level 2[1] enables the creation and use of strong, attested, scoped, public key cred by web applications for strongly authenticating users.

Context

  • This is designed for web applications, not native applications.
  • The current draft of the evolving standard is available here.

Glossary

  • Authenticator protects public key credentials, and interact with user agents to implement the Web Authentication API. Implementing compliant authenticators is possible in software executing (a) on a general-purpose computing device, (b) on an on-device Secure Execution Environment, Trusted Platform Module (TPM), or a Secure Element (SE), or (c) off device. Authenticators being implemented on device are called platform authenticators. Authenticators being implemented off device (roaming authenticators) can be accessed over a transport method.

Normal Flow

Web Authentication API [1] Section 5

  • Registration
  1. Challenge, user info, RP info
  2. RP ID, client data hash
  3. User verification, new key pair
  • Authentication
  1. Challenge
  2. RP ID, client data hash
  3. User verification


Solutions

Referrences

  1. 1.0 1.1 Dirk Balfanz + 19, Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Working Draft, 2020-07-30 https://www.w3.org/TR/webauthn-2/#iface-pkcredential

Other Material