こんにちは TAG-さん!

I'm requesting a TAG review of Web Authentication's PublicKeyCredential signal methods.

Allow WebAuthn relying parties to report information about existing credentials back to credential storage providers, so that incorrect or revoked credentials can be updated or removed from provider and system UI.

• Explainer¹: https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-Signal-API-explainer
• Specification: https://w3c.github.io/webauthn/#sctn-signal-methods
• WPT Tests:
  • https://wpt.fyi/results/webauthn/signal-all-accepted-credentials.https.html
  • https://wpt.fyi/results/webauthn/signal-current-user-details.https.html
  • https://wpt.fyi/results/webauthn/signal-unknown-credential.https.html
• User research: N/A
• Security and Privacy self-review²: https://github.com/w3c/webauthn/wiki/Security-&-privacy-self-review:-PublicKeyCredential-signal-methods
• GitHub repo: https://github.com/w3c/webauthn/
• Primary contacts:
  • Nina Satragno (@nsatragno), Google, author
• Organization/project driving the specification: Google & the WebAuthn Working Group
• Multi-stakeholder support³:
  • Chromium comments: we would love to ship this thank you very much <3 -- signed: chromium
  • Mozilla comments: https://github.com/mozilla/standards-positions/issues/1075
  • WebKit comments: https://github.com/WebKit/standards-positions/issues/400
  • The signal methods address common concerns from RPs that have been voiced since the early days of WebAuthn. See https://github.com/w3c/webauthn/issues/1967 and the issues linked from there, e.g. https://github.com/w3c/webauthn/issues/1967#issuecomment-1848433321
• Status/issue trackers for implementations⁴: https://chromestatus.com/feature/5101778518147072

Further details:

• I have reviewed the TAG's Web Platform Design Principles
• Relevant time constraints or deadlines:
• The group where the work on this specification is currently being done: WebAuthn WG
• Major unresolved issues with or opposition to this specification: None
• This work is being funded by: Google