w3c/webauthn issues and pull requests

#1854 - Allow conditional and modal flows to run simultaneously

Issue - State: closed - Opened by dolda2000 over 1 year ago - 11 comments
Labels: type:technical, subtype:credman, @Risk

#1848 - How long the relying party should maintain the challenge and related information?

Issue - State: closed - Opened by Kieun over 1 year ago - 9 comments
Labels: type:technical, type:editorial, stat:pr-open

#1830 - Support for FIDO passkey with HMAC-Secret extension

Issue - State: closed - Opened by Sebastian-Elfors-IDnow almost 2 years ago - 23 comments
Labels: stat:Discuss, subtype:FeatureProposal

#1819 - "android-key" and "android-safetynet" are really basic attestation type support?

Issue - State: open - Opened by Kieun almost 2 years ago - 12 comments
Labels: type:technical

#1801 - Allow for credential creation in a cross-origin iframe

Pull Request - State: closed - Opened by stephenmcgruer about 2 years ago - 13 comments

#1800 - Prescriptive behaviours for Autofill UI

Issue - State: open - Opened by sbweeden about 2 years ago - 2 comments
Labels: @Risk

#1800 - Prescriptive behaviours for Autofill UI

Issue - State: open - Opened by sbweeden about 2 years ago - 2 comments
Labels: @Risk

#1795 - Enterprise attestaion is a bool in WebAuthn and an Int in CTAP2.1

Issue - State: open - Opened by ve7jtb about 2 years ago - 2 comments
Labels: type:editorial, priority:low, @Risk

#1766 - Extend WebAuthn spec to support interoperability in WebExtensions

Issue - State: closed - Opened by Mikescops about 2 years ago - 10 comments
Labels: type:technical

#1757 - Which "pubKeyCredParams" to use?

Issue - State: closed - Opened by dagnelies over 2 years ago - 36 comments
Labels: type:editorial

#1749 - How to know if a user has already registered a device?

Issue - State: closed - Opened by dagnelies over 2 years ago - 33 comments

#1748 - Better specify what an unknown type credential descriptor being ignored means

Issue - State: closed - Opened by nsatragno over 2 years ago - 4 comments
Labels: type:technical, priority:low, @Risk

#1743 - Spec abstract is out of date on the eve of multi-device credentials and cross-device auth

Issue - State: closed - Opened by MasterKale over 2 years ago - 7 comments
Labels: type:editorial, @Risk

#1742 - Should enterprise attestation support be flagged explicitly?

Issue - State: closed - Opened by nsatragno over 2 years ago - 3 comments
Labels: type:technical

#1742 - Should enterprise attestation support be flagged explicitly?

Issue - State: open - Opened by nsatragno over 2 years ago - 2 comments
Labels: type:technical

#1739 - Discussing mechanisms for enterprise RP's to enforce bound properties of credentials

Issue - State: open - Opened by MasterKale over 2 years ago - 24 comments
Labels: type:technical

#1739 - Discussing mechanisms for enterprise RP's to enforce bound properties of credentials

Issue - State: open - Opened by MasterKale over 2 years ago - 25 comments
Labels: type:technical

#1735 - Provide passwordless example, or update 1.3.2. to be a passwordless example

Issue - State: open - Opened by GregBrimble over 2 years ago - 2 comments
Labels: type:editorial, @Risk

#1735 - Provide passwordless example, or update 1.3.2. to be a passwordless example

Issue - State: open - Opened by GregBrimble over 2 years ago - 2 comments
Labels: type:editorial, @Risk

#1720 - Update top level use cases to account for multi-device credentials

Issue - State: open - Opened by timcappalli over 2 years ago - 5 comments
Labels: type:editorial, @Risk

#1720 - Update top level use cases to account for multi-device credentials

Issue - State: open - Opened by timcappalli over 2 years ago - 5 comments
Labels: type:editorial, @Risk

#1719 - Public Key Credential Source and Extensions

Issue - State: open - Opened by timcappalli over 2 years ago - 2 comments
Labels: type:editorial, @Risk

#1719 - Public Key Credential Source and Extensions

Issue - State: open - Opened by timcappalli over 2 years ago - 2 comments
Labels: type:editorial, @Risk

#1711 - RP operations: some extension processing may assume that the encompassing signature is valid

Issue - State: open - Opened by equalsJeffH over 2 years ago - 2 comments
Labels: type:technical, subtype:rp-ops, @Risk

#1711 - RP operations: some extension processing may assume that the encompassing signature is valid

Issue - State: open - Opened by equalsJeffH over 2 years ago - 2 comments
Labels: type:technical, subtype:rp-ops

#1710 - Split RP ops "Registering a new credential" into one with and one without attestation

Issue - State: open - Opened by emlun over 2 years ago - 7 comments
Labels: type:editorial, @Risk

#1710 - Split RP ops "Registering a new credential" into one with and one without attestation

Issue - State: open - Opened by emlun over 2 years ago - 7 comments
Labels: type:editorial, @Risk

#1688 - Should an RP be able to provide finer grained authenticator filtering in attestation options?

Issue - State: open - Opened by sbweeden almost 3 years ago - 32 comments
Labels: type:technical, @Risk

#1667 - Cross origin authentication without iframes (accommodating SPC in WebAuthn)

Issue - State: closed - Opened by akshayku about 3 years ago - 56 comments
Labels: stat:Discuss

#1656 - Cross-origin credential creation in iframes

Issue - State: closed - Opened by agl about 3 years ago - 48 comments
Labels: type:technical, @Risk

#1644 - Mechanism for encoding direction metadata may need more work

Issue - State: open - Opened by aphillips about 3 years ago - 3 comments
Labels: type:technical, type:editorial, i18n-needs-resolution, @Risk

#1640 - Syncing Platform Keys, Recoverability and Security levels

Issue - State: closed - Opened by akshayku about 3 years ago - 20 comments
Labels: type:technical, @Risk

#1637 - Possible experiences in a future WebAuthn

Issue - State: closed - Opened by agl over 3 years ago - 8 comments
Labels: type:technical, @Risk

#1635 - reference CTAP2.1 PS spec and fix broken link

Issue - State: closed - Opened by equalsJeffH over 3 years ago - 2 comments
Labels: type:editorial, @Risk

#1633 - Missing Test Vectors

Issue - State: open - Opened by cyberphone over 3 years ago - 3 comments
Labels: type:technical, @Risk

#1631 - CollectedClientData.crossOrigin default value and whether it is required

Issue - State: open - Opened by equalsJeffH over 3 years ago - 1 comment
Labels: type:editorial, @Risk

#1600 - Remove user handle "MAY be null" statement

Pull Request - State: closed - Opened by equalsJeffH over 3 years ago
Labels: type:technical, subtype:RP-impl-cons, @Risk

#1577 - Support for remote desktops

Issue - State: open - Opened by agl over 3 years ago - 14 comments
Labels: type:technical, @Risk

#1569 - Prevent browsers from deleting credentials that the RP wanted to be server-side

Issue - State: open - Opened by lgarron over 3 years ago - 22 comments
Labels: type:technical, @Risk

#1568 - Support a "create or get [or replace]" credential re-association operation

Issue - State: open - Opened by lgarron over 3 years ago - 15 comments
Labels: type:technical

#1567 - Surface platform authenticator status in the `create` (and maybe `get`) response / help RPs track UV/PA/RK

Issue - State: open - Opened by lgarron over 3 years ago - 10 comments
Labels: type:technical

#1554 - Adding info about HSTS for the RPID to client Data.

Issue - State: closed - Opened by ve7jtb over 3 years ago - 4 comments
Labels: type:technical

#1489 - cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate

Issue - State: open - Opened by equalsJeffH about 4 years ago
Labels: type:editorial, priority:low, @Risk

#1449 - Requesting properties of created credentials.

Issue - State: closed - Opened by ve7jtb over 4 years ago - 17 comments
Labels: type:technical, subtype:FeatureProposal, @Risk

#1446 - PublicKeyCredentialParameters can't select curve (E.g. ed448)

Issue - State: open - Opened by arianvp over 4 years ago - 9 comments
Labels: type:technical, @Risk

#1372 - Consider allowing cross-domain credential use

Issue - State: open - Opened by sbweeden over 4 years ago - 38 comments
Labels: stat:Discuss, @Risk

#1317 - Timeout considerations

Pull Request - State: closed - Opened by akshayku almost 5 years ago - 4 comments
Labels: type:technical, type:WebPlatformTestNeeded

#1293 - Requiring user activation to call WebAuthn API

Issue - State: open - Opened by alanwaketan about 5 years ago - 26 comments
Labels: type:technical, stat:breaking

#1291 - Minor cleanups from PR 1270 review

Issue - State: closed - Opened by emlun about 5 years ago - 5 comments
Labels: type:editorial, priority:low, @Risk

#1255 - Add a way to use webauthn without Javascript

Issue - State: open - Opened by ignaloidas about 5 years ago - 57 comments
Labels: stat:Discuss, type:technical, subtype:FeatureProposal

#1049 - export definitions?

Issue - State: open - Opened by equalsJeffH about 6 years ago - 5 comments
Labels: type:editorial, subtype:editorialConventions, stat:OnGoing, @Risk

#867 - What is the point of `allowCredentials`?

Issue - State: closed - Opened by subyraman over 6 years ago - 11 comments
Labels: type:technical

#462 - undefined terms and terms we really ought to define

Issue - State: closed - Opened by equalsJeffH over 7 years ago - 34 comments
Labels: type:editorial, stat:OnGoing, @Risk

GitHub / w3c/webauthn issues and pull requests