Open equalsJeffH opened 7 years ago
added to OP yesterday:
AAGUID
authenticator session
extension data
identifier of the credential
supported extensions
user account
webauthn
webauthn operations
see also #79 #80 #358
added to the list in the OP:
attestation statement
removed from list in the OP:
attestation statement -- we do have a dfn (d'oh!): https://w3c.github.io/webauthn/#attestation-statement
added to list in the OP:
(a credential) bound to an/this authenticator
managed by
stored on
local configuration knowledge
added to list in the OP:
platform-specific API
default
handle
procedure
transports
added to list in the OP:
cross-platform transport protocols
platform
Android "N" or later platform
Android platforms
the platform
the underlying platform
underlying OS platform
currently available on this platform
supported by this client "
user agent and/or "
as defined by the "
overridden by the "
the client's "
the client "
the client " components
user's platform device
the platform makes
The " is requested
Client platforms
platform-provided
added to list in the OP:
signature
added to list in the OP:
external authenticator (to be defined in conjunction with roaming authnr)
As discussed on the call, the issue wouldn't change API names. Taking out the renaming flag.
added "first factor" to OP
added to list in the OP:
assertion
cloned authenticator
authenticator protection measures
trust path
added to list in the OP:
user's account user's account identifier user account entity user account's PublicKeyCredentialUserEntity.
user handle
added to list in the OP:
owning authenticator
added to list in the OP:
blinding
added to list in the OP:
client-side
see also issue #833
added to list in the OP:
client // note "webauthn client" is presently defined
// but "webauthn client device" or "webauthn client platform" are not,
// and are not presently used, but perhaps should be.
client device // used a few time
client platform // used much; see also entries for variations of "platform" below
WebAuthn client
added to list in the OP:
LDH Labels (perhaps just make that single-occurrance term a link to https://tools.ietf.org/html/rfc5890#section-2.3.1)
added to list in the OP:
script
Relying Party script
added to list in the OP:
client-side resident credential // presently undefined but should be as a short form for
// client-side resident credential private key, which is
// presently defined
resident credential // presently undefined, just a thought, tho dunno if we
// ought to promote its use
updated in the OP:
first-factor
added to list in the OP:
Device
added to list in the OP:
scope, as in:
Removed from OP:
- client
- client device
- client platform
Device
- computing device
- user's computing device
- see also 'client device'
platform-specific // i.e., the term itself
platform-specific API
default
handle
procedure
transports
platform
the platform
the underlying platform
underlying OS platform
added to OP:
authenticator characteristics
Ticked items:
added to OP: attestation trust model (presently we discuss "trust model" in terms of attestation types, but do not define the latter term)
Added to OP:
U2F authenticator
CTAP1/U2F authenticator
Added to OP:
See #1162
updated the section on "Credential" to be:
[ ] CREDENTIAL:
(a credential) bound to a authenticator
(a credential is) bound to an/this authenticator
managed by " "
controlled by " "
present on " "
stored on " "
owning authenticator
credential ID
credential object
Client-side-resident Public Key Credential Source // is presently defined
// synonymously with
// 'resident credential'
server-side resident credential // presently undefined
Note: residentKey is currently used in WebIDL (so we're likely stuck with it) and as a variable name in algorithms. It is synonymous with Client-side-resident Public Key Credential Source / resident credential.
added to OP:
Punting this onward to L2-WD-02....
Checked off:
- [x] identifier of the credential
- [x] assertion
Removed "blinding" from OP as the search term "blind" now produces 0 hits in the editor's draft.
The below terms are formally undefined and we should consider defining them (and linking their occurrences to their dfn. Be sure to see also issue #358 -- there is overlap between this issue and that one.
Add to, or remove from, this list by updating this original post (OP):
[ ] attesting authority (aka authenticator vendor (which could be a (client) platform vendor))
[ ] attestation trust model (presently we discuss "trust model" in terms of attestation types, but do not define the latter term)
[ ] AAGUID
[x] assertion
[ ] authenticator-related terms:
[x] external authenticator (to be defined in conjunction with roaming authnr)
[ ] CREDENTIAL:
Note: residentKey is currently used in WebIDL (so we're likely stuck with it) and as a variable name in algorithms. It is synonymous with Client-side-resident Public Key Credential Source / resident credential.
[ ] credential metadata -- everything in the Public Key Credential Source other than the credential private key.
client-side // see also issue #80
supported by this implementation
PLATFORM:
currently available on this platform supported by this client " user agent and/or " as defined by the " overridden by the "
Relying Party script
[x] user handle
[ ] webauthn
[ ] webauthn operations
[x] Web Authentication
[ ] Web Authentication protocol