IIIF Authentication TSG Charter


The IIIF Authentication API is an interaction pattern for managing access control to IIIF image resources. With the introduction of support for A/V in the IIIF Presentation API version 3 there is now a need to support authenticating resources which do not require a IIIF Image API service, as well as general updates for consistency with the new APIs. There have also been developments in the browser community that cause difficulties with the existing authentication specification. With the current specification being broken in some browsers, and soon to be obsolete in others, there is an urgent need to update the method in which the IIIF Authentication API works to remain useful in the evolving web landscape.


The scope of work to be performed by the Authentication TSG will be:

  • Updating the IIIF Authentication API in line with version 3.0 of the IIIF Image and Presentation APIs
  • Finding and documenting a solution to the browser issues that have arisen, with an initial approach of engaging with the standards and browser communities
  • Determining a IIIF Authentication API pattern for access to non-Image content resources
  • Explore Authentication patterns for access to resources requested through JavaScript without exposing authorization credentials to the client (such as for searching annotations with credentials)


The expected deliverable will be a new version of the IIIF Authentication API that meets the requirements of the scope described above.


References for implementations of the third-party cookie changes:

Stories that support this TSG work:


  • Group formation: October 2020
  • Delivery of new Authentication API version, given current technical /political environment:
    • Initial draft: June 2021
    • Implementable Beta: November 2021
    • Proposed Recommendation: June 2022