W3C-WEBAUTHN-WG
W3C WebAuthn WG passwordless API.
Définition
WebAuthn API principal : navigator.credentials.create() (registration), navigator.credentials.get() (authentication), CTAP (Client to Authenticator Protocol) v2 underlying, COSE (CBOR Object Signing and Encryption) key formats. Authenticators types : Roaming Authenticators (YubiKey, Titan Security Key, Feitian USB/NFC), Platform Authenticators (Face ID iOS, Touch ID macOS, Windows Hello). Passkeys (consumer terminology) = WebAuthn implementation in operating system credential manager (iCloud Keychain, Google Password Manager, 1Password). Co-developpe avec FIDO Alliance (Fast IDentity Online, founded 2013).
Origine
WebAuthn Level 1 publie W3C Recommendation 4 mars 2019 ; Level 2 publie 8 avril 2021 ; Level 3 W3C Editor Draft ongoing 2024 ; co-developpe W3C + FIDO Alliance depuis 2016.
Exemple en contexte
Google Workspace deploye WebAuthn passkeys 2023 : 200M users peuvent se connecter via Face ID iPhone, Touch ID Mac, Windows Hello sans mot de passe ; reduction phishing attacks 90%.
Termes liés
- FIDO2 — standard sous-jacent.