The W3C Web Authentication Working Group has published the First Public Working Draft of its specification aimed at ensuring privacy with online authentication beyond the password.
An abstract describes the specification in general terms, outlining how it would let websites access a user’s cryptographic credentials, which are stored on an authenticator that checks with the user to make sure the user consents to the access. The basic concept has already been embraced by Microsoft Edge, Google Chrome, and Mozilla Firefox based on earlier specifications that have gone on to form the basis of the current draft, suggesting that further adoption by major IT players is in store.
In a statement announcing the draft, the Working Group highlighted the contribution of the FIDO Alliance 2.0 specifications, which were submitted last November and form the backbone of the W3C specification. FIDO is, of course, no slouch when it comes to establish technical standards for data security and privacy, with its two-factor and multi-factor authentication standards gaining increasing influence in across various industries. Now, it’s helping the W3C to extend such security approaches in a very tangible way.
The W3C says the publication of its First Public Working Draft “is a signal to the community to begin reviewing the document,” so the time has come for various stakeholders to do their part to improve privacy standards online.
Source: Web Authentication Working Group
June 6, 2016 – by Alex Perala