undefined terms and terms we really ought to define

[equalsJeffH]

The below terms are formally undefined and we should consider defining them (and linking their occurrences to their dfn. Be sure to see also issue #358 -- there is overlap between this issue and that one.

Add to, or remove from, this list by updating this original post (OP):

• [ ] attesting authority (aka authenticator vendor (which could be a (client) platform vendor))

• [ ] attestation trust model (presently we discuss "trust model" in terms of attestation types, but do not define the latter term)

• [ ] AAGUID

• [x] assertion

• [ ] authenticator-related terms:

        authenticator characteristics     // are discussed in #sctn-authenticator-taxonomy
        authenticator session
  cloned authenticator
        authenticator protection measures

• [x] external authenticator (to be defined in conjunction with roaming authnr)

• [ ] CREDENTIAL:

  (a credential)   bound to a authenticator
  (a credential is)   bound to   an/this authenticator
                  managed by    "         "
                  controlled by    "         "
                  present on    "         "
                  stored on     "         "
                  owning             authenticator
  
                   credential ID
                   credential object 
  Client-side-resident Public Key Credential Source  //  is presently defined 
                                                 // synonymously with 
                                                 // 'resident credential'
  server-side resident credential       // presently undefined 

  Note: residentKey is currently used in WebIDL (so we're likely stuck with it) and as a variable name in algorithms. It is synonymous with Client-side-resident Public Key Credential Source / resident credential.

• [ ] credential metadata -- everything in the Public Key Credential Source other than the credential private key.

  
  CLIENT:

client-side // see also issue #80

- [ ] cross-platform transport protocols

- [ ] extension data

- [ ] first-factor
  - [x] as in "first-factor authenticator" aka one that is actually multi-factor because it is user verification-capable (1st factor, something you are), and wields the private key (2nd factor, a secret you possess).
  - [ ] also may want to clarify/define/use terms such as "multi-factor authn", "first multi-factor", etc.

- [x] identifier of the credential

supported by this implementation

- [ ] LDH Labels (perhaps just make that single-occurrance term a link to https://tools.ietf.org/html/rfc5890#section-2.3.1)

- [ ] local configuration knowledge

PLATFORM:

   Android "N" or later platform
                Android platforms

currently available on this platform supported by this client " user agent and/or " as defined by the " overridden by the "

           the client's   "
             the client   "
             the client   "       components

                 user's platform device

                    the platform  makes
                    The   "       is requested

                 Client platforms

                        platform-provided

- [x] scope, as in:
  - [x] - Public key credential's scope
  - [x] - strong, attested, scoped, public key-based credentials

- [ ] SCRIPT:
see also issue #80 

          script

Relying Party script

- [ ] signature
- define as "digital signature" ?

- [ ] signature counter

- [ ] supported extensions

- [ ] trust path

- [ ] user/account
  - [ ] user
  - [ ] user account
  - [ ] user's account
  - [ ] user's account identifier
  - [ ] user account entity
  - [ ] user account's  PublicKeyCredentialUserEntity.
  - [ ] user identifier
  - [ ] username

OS level user ID

• [x] user handle

• [ ] webauthn

• [ ] webauthn operations

• [x] Web Authentication

• [ ] Web Authentication protocol

[equalsJeffH]

added to OP yesterday:

AAGUID

authenticator session

extension data

identifier of the credential

supported extensions

user account

webauthn

webauthn operations

[equalsJeffH]

see also #79 #80 #358

[equalsJeffH]

added to the list in the OP:

attestation statement

[equalsJeffH]

removed from list in the OP:

attestation statement -- we do have a dfn (d'oh!): https://w3c.github.io/webauthn/#attestation-statement

[equalsJeffH]

added to list in the OP:

(a credential)   bound to   an/this authenticator
                 managed by
                 stored on      

local configuration knowledge

[equalsJeffH]

added to list in the OP:

platform-specific API
                  default
                  handle
                  procedure
                  transports

[equalsJeffH]

added to list in the OP:

cross-platform transport protocols

                            platform
       Android "N" or later platform
                    Android platforms

                        the platform
             the underlying platform
              underlying OS platform

currently available on this platform
   supported by this client   "
          user agent and/or   "
          as defined by the   "
          overridden by the   "

               the client's   "
                 the client   "
                 the client   "       components

                     user's platform device

                        the platform  makes
                        The   "       is requested

                     Client platforms

                            platform-provided

[equalsJeffH]

added to list in the OP:

signature

[equalsJeffH]

added to list in the OP:

external authenticator (to be defined in conjunction with roaming authnr)

[AngeloKai]

As discussed on the call, the issue wouldn't change API names. Taking out the renaming flag.

[equalsJeffH]

added "first factor" to OP

[equalsJeffH]

added to list in the OP:

assertion

cloned authenticator

authenticator protection measures

trust path

[equalsJeffH]

added to list in the OP:

user's account user's account identifier user account entity user account's PublicKeyCredentialUserEntity.

user handle

[equalsJeffH]

added to list in the OP:

owning authenticator

[equalsJeffH]

added to list in the OP:

blinding

[equalsJeffH]

added to list in the OP:

client-side

see also issue #833

[equalsJeffH]

added to list in the OP:

client            // note "webauthn client" is presently defined
                  // but "webauthn client device" or "webauthn client platform" are not,
                  // and are not presently used, but perhaps should be.

client device     // used a few time
client platform   // used much; see also entries for variations of "platform" below

WebAuthn client

[equalsJeffH]

added to list in the OP:

LDH Labels (perhaps just make that single-occurrance term a link to https://tools.ietf.org/html/rfc5890#section-2.3.1)

[equalsJeffH]

added to list in the OP:

              script
Relying Party script

[equalsJeffH]

added to list in the OP:

client-side resident credential    // presently undefined but should be as a short form for 
                                   // client-side resident credential private key, which is 
                                   // presently defined
            resident credential    // presently undefined, just a thought, tho dunno if we 
                                   // ought to promote its use

[equalsJeffH]

updated in the OP:

first-factor

• as in "first-factor authenticator" aka one that is actually multi-factor because it is user verification-capable (1st factor, something you are), and wields the private key (2nd factor, a secret you possess).
• also may want to clarify/define/use terms such as "multi-factor authn", "first multi-factor", etc.

[equalsJeffH]

added to list in the OP:

Device

• computing device
• user's computing device
• see also 'client device'

[equalsJeffH]

added to list in the OP:

scope, as in:

• Public key credential's scope
• strong, attested, scoped, public key-based credentials

[emlun]

Removed from OP:

- client
- client device
- client platform

Device
- computing device
- user's computing device
- see also 'client device'

platform-specific  // i.e., the term itself
platform-specific API
                  default
                  handle
                  procedure
                  transports

                            platform

                        the platform
             the underlying platform
              underlying OS platform

[equalsJeffH]

added to OP: authenticator characteristics

[emlun]

Ticked items:

• external authenticator (to be defined in conjunction with roaming authnr)
• first factor - as in "first-factor authenticator" aka one that is actually multi-factor because it is user verification-capable (1st factor, something you are), and wields the private key (2nd factor, a secret you possess).
• scope, as in:
  • Public key credential's scope
  • strong, attested, scoped, public key-based credentials

[equalsJeffH]

added to OP: attestation trust model (presently we discuss "trust model" in terms of attestation types, but do not define the latter term)

[equalsJeffH]

Added to OP:

      U2F authenticator
CTAP1/U2F authenticator

[emlun]

Added to OP:

• user

See #1162

[equalsJeffH]

updated the section on "Credential" to be:

• [ ] CREDENTIAL:

  (a credential)   bound to a authenticator
  (a credential is)   bound to   an/this authenticator
                  managed by    "         "
                  controlled by    "         "
                  present on    "         "
                  stored on     "         "
                  owning             authenticator
  
                   credential ID
                   credential object 
  Client-side-resident Public Key Credential Source  //  is presently defined 
                                                 // synonymously with 
                                                 // 'resident credential'
  server-side resident credential       // presently undefined 

  Note: residentKey is currently used in WebIDL (so we're likely stuck with it) and as a variable name in algorithms. It is synonymous with Client-side-resident Public Key Credential Source / resident credential.

[equalsJeffH]

added to OP:

• [ ] credential metadata -- everything in the Public Key Credential Source other than the credential private key.

[equalsJeffH]

Punting this onward to L2-WD-02....

[emlun]

Checked off:

• [x] identifier of the credential
• [x] assertion

[emlun]

Removed "blinding" from OP as the search term "blind" now produces 0 hits in the editor's draft.