Document title, URLs, estimated publication date
Web Authentication: An API for accessing Public Key Credentials Level 3
https://www.w3.org/TR/2026/CRD-webauthn-3-20260515/
Abstract
https://www.w3.org/TR/2026/CRD-webauthn-3-20260515/#abstract
Status
https://www.w3.org/TR/2026/CRD-webauthn-3-20260515/#sotd
Will new features be allowed to be incorporated in the Recommendation?
No. Web Authentication Level 4 will be the next version.
Link to group's decision to request transition
Minutes of 2026-03-18
Changes
From CRS L3 to CRD
Since the 13 January 2026 Candidate Recommendation Snapshot, the Working Group:
- Added §14.5.5, “Cross-Origin Usage of WebAuthn Credentials”. This section documents privacy risks arising from WebAuthn in cross-origin contexts, including Related Origin Requests and cross-origin iframes.
- Updated the metadata and some links, and fixed a few minor editorial issues.
From L2 to L3
https://www.w3.org/TR/2025/CR-webauthn-3-20251121/#revision-history
Requirements satisfied
N/A
Dependencies met (or not)
Considering the groups present in the charter:
- W3C groups: There is significant cross-participation across the various groups, both by the editors and by the groups, thanks also to cross-meetings during the various TPACs, particularly for the payments section.
- External groups: there has been formal communication with
Wide Review
Design:
Accessibility:
Internationalization:
Security:
Privacy:
Transition Team
During the Transition to CR, the Team asked:
While no formal objection was raised against this document, we note that the resolution of some issues related to privacy considerations remains ongoing, in particular:
w3c/webauthn#2319 w3c/webauthn#2321
The Team believes that those issues should be resolved within the current Recommendation cycle rather than pushed to the future. While past efforts faced hurdles, the W3C Team is committed to working alongside the Working Group throughout the Candidate Recommendation phase to improve the specification with respect to these two issues.
Both issues are addressed in PR 2391, which received a comment from the Privacy Reviewer.
Issues addressed
https://github.com/w3c/webauthn/milestone/32?closed=1
Formal Objections
No Formal Objections
Implementation
WPT Results
Please note that part of the implementation in Chrome is different from that in Edge.
Patent disclosures
https://www.w3.org/groups/wg/webauthn/ipr/
NOTE: For more information, see Organize a Technical Report Transition.