search

w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/
Other
1.19k stars 172 forks source link

Add a Terminology Section #50

Closed jcjones closed 8 years ago

jcjones commented 8 years ago

Some terms like Relying Party are known sources of confusion. We should add a terminology section to the specification that explains particular terms.

If you have a known confusable term, please add a comment to this issue so I can pick those up, too.

leshi commented 8 years ago

Some quick thoughts: Webapp Authentication Backend, Webapp Backend, Authentication Backend, Authentication Server, Webapp Server

nicola commented 8 years ago

OpenID uses Relying Party maybe it is a good idea to keep it and explain the term.

jcjones commented 8 years ago

Also, "Authenticator"

flpm commented 8 years ago

I took a first pass and made an initial list of terms. There are some generic terms we may not want to include, but since it's easier to cut I kept them anyway:

account
assertion
assertion challenge
assertion extension
attestation
attestation certificate
attestation challenge
attestation core
attestation header
attestation key
attestation statement
authentication
authenticator
authenticator attestation GUID (AAGUID)
authenticator data
authenticator operation
authenticator session
blacklist
browser
certificate authority (CA)
client
client data
client data hash
client extension
client platform
contextual binding
credential
credential extension
credential identifier
credential type
cryptographic algorithm
cryptographic key
cryptographic proof
cryptographic signature
DAA root key
device
Direct Anonymous Attestation (DAA)
effective top-level domain plus one (eTLD+1)
embedded authenticator
encoded client data
endorsement key
extension identifier
external authenticator
friendly fraud
global correlation handle
hash algorithm
intermediate CA
local storage
origin
privacy CA
private key
promise
public key
public suffix plus one (PS+1)
raw data
relying party
relying party identifier (RPID)
request
RogueList
root CA
script
secure context
server
standard extension
test of user presence
transaction authorization
user
user agent
user verification
user verification index (UVI)
web application
whitelist
jcjones commented 8 years ago

Sorry for the delay on this; it's taking a bit more time than I anticipated, so it ran into today.

jcjones commented 8 years ago

Closed by e3dc893a2325693e8ae627c0cd6ed0b293bd8a42; follow-ons to continue as needed.