W3C Web Authentication API — browser-mediated public-key authentication against any relying party. Together with the FIDO2 CTAP transport, lets a user-held authenticator (hardware key, platform biometric, or synced credential) sign challenges per-site, eliminating shared secrets. Reached W3C Recommendation in 2019.