The Web Authentication Working Group has published a Proposed Recommendation of Web Authentication: An API for accessing Public Key Credentials Level 2. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. This is Web Authentication Level 2. Substantive changes since Level 1 are:

• Added new method to allow Discoverable/Resident Credentials Preferred
• New methods added for Attestation Objects
• Added Attestation types (Enterprise, Apple)
• Added Large Blob storage and credential properties

Explanatory materials and implementation considerations have been updated as well.

Comments are welcome through 26 March 2021.

Original source: https://www.w3.org/blog/news/archives/8927