Skip to main content
  1. Pages/

Standards Work

Author / Editor
#

W3C Web Authentication Level 3
#

The Web Platform API that powers passkeys.

This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.

W3C Digital Credentials API
#

This document specifies an API to enable user agents to mediate presentation and issuance of digital credentials such as a driver’s license, government-issued identification card, and/or other types of digital credential. The API builds on Credential Management Level 1 as a means by which to request or issue a digital credential from a user agent or underlying platform.

OpenID Shared Signals Framework Specification 1.0
#

A signal sharing framework focused on identity and security related events across domains and organizational boundaries.

OpenID Continuous Access Evaluation Profile 1.0
#

A dictionary of events for the Shared Signals Framework that focus on zero trust session management.

This document defines the Continuous Access Evaluation Profile (CAEP) of the Shared Signals Framework [SSF]. It specifies a set of event types conforming to the Shared Signals Framework. These event types are intended to be used between cooperating Transmitters and Receivers such that Transmitters may send continuous updates using which Receivers can attenuate access to shared human or robotic users, devices, sessions and applications.

Contributor
#

FIDO Client to Authenticator Protocol (CTAP) 2.2
#

This specification defines the protocol used between a WebAuthn client and a hardware authenticatorf for passkeys, as well as a WebAuthn or Digital Credentials API client and another user device for both passkeys and verifiable digital credentials.

This specification describes an application layer protocol for communication between a roaming authenticator and another client/platform, as well as bindings of this application protocol to a variety of transport protocols using different physical media. The application layer protocol defines requirements for such transport protocols. Each transport binding defines the details of how such transport layer connections should be set up, in a manner that meets the requirements of the application layer protocol.

OpenID for Verifiable Presentations (OID4VP)
#

A protocol for request and presenting verifiable digital credentials.

Group Chair
#

   Standards

Related

Increasing the certificate lifetime for the Caddy internal CA
·123 words·1 min
How To
A very short guide on increasing the leaf certificate lifetime for Caddy’s internal CA.
Passkeys and Verifiable Digital Credentials: Friends or Foes? @ Identiverse 2025
Presentations
A session at Identiverse 2025 which explores the nuanced dynamics between passkeys and verifiable digital credentials, and their technological foundations across usability, privacy, trust models, and ecosystems with the goal of answering whether passkeys and verifiable digital credentials are friends or foes—and how these technologies might collaboratively shape the future of secure, user-centric digital identity systems.