WEBVTT slide-1 00:00:01.784 --> 00:00:02.617 Hey TPAC, 2 00:00:02.617 --> 00:00:04.080 my name is Nicholas Steele 3 00:00:04.080 --> 00:00:04.913 and I'm the co-chair of 4 00:00:04.913 --> 00:00:06.790 the WebAuthn Adoption Community Group. 5 00:00:06.790 --> 00:00:08.340 And I'm here to give a lightening update 6 00:00:08.340 --> 00:00:10.940 on what the Adoption Community Group has been up to. 7 00:00:11.830 --> 00:00:14.750 This talk is very brief, but should cover three main points. slide-2 00:00:14.750 --> 00:00:16.360 Firstly, we want you to take away 9 00:00:16.360 --> 00:00:19.040 what the WebAuthn Adoption Community Group is all about. 10 00:00:19.040 --> 00:00:20.630 We're mainly about coordinating research 11 00:00:20.630 --> 00:00:23.380 and disseminating knowledge to help promote the adoption 12 00:00:23.380 --> 00:00:26.000 of the WebAuthn standard among web developers 13 00:00:26.000 --> 00:00:28.910 and the Relying Parties that end up using them. 14 00:00:28.910 --> 00:00:30.700 We're also going to cover what we've been working on 15 00:00:30.700 --> 00:00:32.700 as a group and how you can help as well. slide-3 00:00:34.610 --> 00:00:36.630 For a little longer overview 17 00:00:36.630 --> 00:00:39.390 of what the WebAuthn Community Group does 18 00:00:39.390 --> 00:00:40.590 and why we were founded, 19 00:00:41.760 --> 00:00:43.880 we try to help developers in the businesses 20 00:00:43.880 --> 00:00:45.650 that these developers work for have a forum 21 00:00:45.650 --> 00:00:48.290 in which to talk about the WebAuthn API and the standard, 22 00:00:48.290 --> 00:00:50.390 which we'll talk about briefly in the next couple of slides. 23 00:00:50.390 --> 00:00:53.200 And we provide resources promoting adoption 24 00:00:53.200 --> 00:00:55.810 and help give Relying Parties, generally referred to 25 00:00:55.810 --> 00:00:58.890 as RPs, guidance from the Working Group 26 00:00:58.890 --> 00:01:00.213 and to the Working Group 27 00:01:01.550 --> 00:01:03.200 which is developing the standard. slide-4 00:01:04.220 --> 00:01:08.060 The WebAuthn standard was developed in the W3C 29 00:01:08.060 --> 00:01:09.170 a few years ago now 30 00:01:09.170 --> 00:01:12.490 and is currently on its second publicly recommended version 31 00:01:12.490 --> 00:01:15.460 with version 3 in editorial. 32 00:01:15.460 --> 00:01:18.730 And its rapid adoption and iteration by platform vendors 33 00:01:18.730 --> 00:01:21.820 have left web developers with few technical resources 34 00:01:21.820 --> 00:01:24.350 that stay up to date in order to help implement 35 00:01:24.350 --> 00:01:27.720 the standard quickly and effectively as well. slide-5 00:01:27.720 --> 00:01:29.900 Representatives from platform vendors tend to make up 37 00:01:29.900 --> 00:01:31.920 a majority of the contributors 38 00:01:31.920 --> 00:01:34.060 to the WebAuthn Working Group. 39 00:01:34.060 --> 00:01:36.260 This is pretty standard and we see this often 40 00:01:36.260 --> 00:01:38.970 within the W3C, but this can like lead to 41 00:01:38.970 --> 00:01:41.740 a lack of representation from Relying Parties 42 00:01:41.740 --> 00:01:44.540 and those that have to implement the standard. 43 00:01:44.540 --> 00:01:47.790 So while this is common, we hope to change this 44 00:01:49.580 --> 00:01:51.580 with the Community Group adoption model. slide-6 00:01:52.810 --> 00:01:56.890 So what we're doing as an adoption Community Group 46 00:01:56.890 --> 00:01:58.950 is helping provide working examples 47 00:01:58.950 --> 00:02:00.710 of the WebAuthn standard. 48 00:02:00.710 --> 00:02:02.780 And we're providing this through WebAuthn.how, 49 00:02:02.780 --> 00:02:03.870 and we're also providing this 50 00:02:03.870 --> 00:02:05.770 through conformance test suites, 51 00:02:05.770 --> 00:02:09.010 which will help with testing and continuous integration 52 00:02:09.010 --> 00:02:11.220 and deployment, generally called CICD, 53 00:02:11.220 --> 00:02:13.860 of WebAuthn services by Relying Parties 54 00:02:13.860 --> 00:02:15.470 and other developers. 55 00:02:15.470 --> 00:02:17.340 So they can add these test suites to 56 00:02:18.934 --> 00:02:21.250 their code bases that are handling WebAuthn. 57 00:02:21.250 --> 00:02:25.000 And we'll be able to verify that different authenticators 58 00:02:25.000 --> 00:02:27.920 and pieces of hardware will successfully work 59 00:02:27.920 --> 00:02:30.440 with the suite that they've created. 60 00:02:30.440 --> 00:02:33.470 We've also been assisting with adoption efforts 61 00:02:33.470 --> 00:02:35.920 across the industry with different communities. 62 00:02:35.920 --> 00:02:37.540 We work a lot with the FIDO Alliance, 63 00:02:37.540 --> 00:02:39.980 which maintains the CTAP2 standard. 64 00:02:39.980 --> 00:02:41.200 And we work with Yubico 65 00:02:41.200 --> 00:02:43.800 which is a hardware authenticator vendor. 66 00:02:43.800 --> 00:02:46.220 We've also helped raise issues that developers 67 00:02:46.220 --> 00:02:48.680 are experiencing with different platform vendors. 68 00:02:48.680 --> 00:02:50.840 And we will raise them in the Working Group 69 00:02:50.840 --> 00:02:53.400 or directly with developers at these vendors, 70 00:02:53.400 --> 00:02:55.293 such as Apple, Google, Microsoft. slide-7 00:02:57.070 --> 00:02:59.660 Some of the external work we're doing 72 00:02:59.660 --> 00:03:01.780 outside of those code libraries 73 00:03:02.698 --> 00:03:05.660 is helping Yubico develop a MOOC, 74 00:03:05.660 --> 00:03:07.840 which is a Massive Open Online Course. 75 00:03:07.840 --> 00:03:10.250 This is an education module designed 76 00:03:10.250 --> 00:03:12.130 to help developers get started with WebAuthn. 77 00:03:12.130 --> 00:03:14.390 And the Community Group have helped review 78 00:03:14.390 --> 00:03:17.863 and edit some of those initial content pieces for them, 79 00:03:18.950 --> 00:03:21.890 and they should be actually published pretty shortly. 80 00:03:21.890 --> 00:03:23.900 The Community Group members have also helped advise 81 00:03:23.900 --> 00:03:26.500 a WebAuthn hackathon currently being run 82 00:03:26.500 --> 00:03:29.840 by the FIDO Alliance with a majority of 83 00:03:29.840 --> 00:03:32.880 the group members coming from Korea. 84 00:03:32.880 --> 00:03:35.870 We've been helping more than four 85 00:03:35.870 --> 00:03:40.870 or five different projects succeed in the hackathon 86 00:03:41.170 --> 00:03:42.150 and look forward to seeing 87 00:03:42.150 --> 00:03:45.320 their work be published as well shortly. 88 00:03:45.320 --> 00:03:47.810 Also, most Stack Overflow WebAuthn questions 89 00:03:47.810 --> 00:03:49.570 are being answered by our members. 90 00:03:49.570 --> 00:03:52.200 So we're helping provide public 91 00:03:52.200 --> 00:03:55.700 an SEOd, or search engine optimized, answers 92 00:03:55.700 --> 00:03:58.653 to questions that are appearing on on these public forums. slide-8 00:03:59.640 --> 00:04:01.423 We can definitely use your help 94 00:04:02.460 --> 00:04:04.210 while we're working on WebAuthn.how 95 00:04:04.210 --> 00:04:05.610 and the conformance tool suite; 96 00:04:05.610 --> 00:04:07.120 they're works in progress. 97 00:04:07.120 --> 00:04:10.210 So if you or someone you know is interested in writing free 98 00:04:10.210 --> 00:04:14.050 and open source code, we can definitely use a hand. 99 00:04:14.050 --> 00:04:16.910 Also, if you're interested in WebAuthn adoption yourself 100 00:04:16.910 --> 00:04:20.720 or for your Relying Party, or the company you work for, 101 00:04:20.720 --> 00:04:22.270 feel free to come check us out. 102 00:04:23.220 --> 00:04:27.310 Also, we really do see these adoption groups being something 103 00:04:27.310 --> 00:04:29.100 that could be used as a template 104 00:04:29.100 --> 00:04:32.570 across the W3C organization. 105 00:04:32.570 --> 00:04:37.490 While we do see platform vendors tend to make up 106 00:04:37.490 --> 00:04:39.350 the majority of Working Groups, 107 00:04:39.350 --> 00:04:41.540 there does need to be a space where we can interface 108 00:04:41.540 --> 00:04:43.730 with developers and the Relying Parties 109 00:04:43.730 --> 00:04:46.400 and other companies that want to integrate our standards. slide-9 00:04:46.400 --> 00:04:49.040 So if you're interested in starting your own adoption group 111 00:04:49.040 --> 00:04:51.820 for your standard within the W3C, 112 00:04:51.820 --> 00:04:53.210 let us know and we can work together 113 00:04:53.210 --> 00:04:56.650 and hopefully we can succeed as a group. 114 00:04:56.650 --> 00:04:57.840 Thanks so much for your time. 115 00:04:57.840 --> 00:04:59.460 Let me know if you have questions after this 116 00:04:59.460 --> 00:05:02.423 and feel free to reach out to me on Twitter @codekaiju. 117 00:05:02.423 --> 00:05:03.810 And you can find our adoption group 118 00:05:03.810 --> 00:05:08.810 at wwww.w3.org/community/webauthn-adoption. 119 00:05:09.750 --> 00:05:10.593 Thanks so much.