
Web Authentication: An API for Accessing Public Key Credentials - dagheyman
https://www.w3.org/TR/2018/CR-webauthn-20180320/
======
zeveb
Substantive disappoinment: I'm saddened that this requires JavaScript & X.509.
It'd have been nice were it usable strictly from HTTP; by requiring JavaScript
it's not really a _Web_ API at all. As for X.509 — it's what we have, so it
has to be supported, but it's really embarrassingly bad; it'd be nice were
other certificate standards allowed, e.g. via a typedef. As far as I can tell
from reading this, X.509 is baked-in and mandatory.

Presentation nit: the HTML is a bit annoying, as focus starts in the table of
contents and one must click in the main content area before being able to
scroll with space or <next>.

