WebAuthn: An Introduction to the Specification (101 Session)
Tuesday 1C
Convener: Nick Steele
Notes-taker(s): Jordan Wright
Tags for the session - technology discussed/ideas considered:
authentication, passwordless
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
We covered the core principles of the protocol, how registration and authentication requests and responses are handled, and how WebAuthn authenticators can be different kinds of devices: FIDO-certified roaming security keys, or platform authenticators built into a phone or laptop.
We also talked about how FIDO2 is not only WebAuthn but also includes CTAP2, the Client to Authenticator Protocol, which a browser uses to talk to external (roaming) authenticators and which is not required to accomplish Web Authentication at all. We discussed how WebAuthn resists phishing by scoping credentials to a Relying Party ID (a domain): the browser only lets an origin use credentials for its own domain, and the origin and the hash of the RP ID are part of what the authenticator signs, so a response collected on a look-alike site cannot be replayed to the real Relying Party.
Additionally, we discussed how WebAuthn can be used in Federal agencies, how additional identifying information can be attached to a credential, and what resources can help with implementing the standard.
Helpful sites included:
webauthn.io
webauthn.guide
webauthn.org
webauthn.me
webauthn.bin.coffee