search

w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/
Other
1.16k stars 167 forks source link

authenticatorDisplayName should use a localizable language map #2151

Open timcappalli opened 2 hours ago

timcappalli commented 2 hours ago

Related to #1644

Proposed Change

authenticatorDisplayName is currently a DOMString and does not support localization, specifically language codes and direction.

Change to a map following the String Meta spec: https://www.w3.org/TR/string-meta/#language-maps

"authenticatorDisplayName": {
    "en":    {"value": "This is English"},
    "en-GB": {"value": "This is UK English", "dir": "ltr"},
    "fr":    {"value": "C'est français", "lang": "fr-CA", "dir": "ltr"},
    "ar":    {"value": "هذه عربية", "dir": "rtl"}
}
emlun commented 2 hours ago

Are you sure a language map is appropriate for this? My first impression was rather that authenticatorDisplayName is a single-language localizable text field - it's a user-configurable value that should only ever be presented back to the same user.

emlun commented 1 hour ago

After the discussion at TPAC I've come around to agreeing that a language map may be a good choice. The ability to specify multiple languages may be most useful if a value is pre-populated by the authenticator vendor without necessarily knowing the user's preferred locale; if the user overwrites with their own configuration the map can simply be collapsed to containing a single key.

The language map type is a superset of what can be expressed by the single-language localizable text field, so the language map is the safer choice for forward compatibility.