- From: J.C. Jones <jjones@mozilla.com>
- Date: Thu, 30 Jun 2016 13:52:45 -0700
- To: W3C WebAuthn WG <public-webauthn@w3.org>
- Message-ID: <CAObDDPDPS_yXNDhAQ1FvDWMmhBTpT4zmyavoKpXbxpTL+B2O-w@mail.gmail.com>
All, I've produced an editorial pull request (#135) of aesthetic changes as a result of reviewing the document again from the perspective of a Web API consumer. The PR is here: https://github.com/w3c/webauthn/pull/135 First, I have removed the distinctions between "external" and "embedded" authenticators. This distinction caused confusion for the web developers I solicited feedback from, as one of the goals of the API is to abstract that sort of hardware awareness away. >From a functional point of view, the document's scope is limited to User Agent <-- API --> Relying Party, and by agreement in the spring it shouldn't deal with hardware, so I argue that talk of external and embedded authenticators, while interesting, distracts from the nuts-and-bolts of actually using the standard. Thus, this first change removes those distinctions, while keeping discussion that authenticators come in many types, and the user agent will abstract their differences away from the API. Second, I changed the macro for "WebAuthn Relying Party" to the less-clumsy "Relying Party." Per the concerns in April about being a confusable for the same term in OAuth or X.509, I added a green "note" block. Third, I moved the whole attestation type definitions into their own top-level section. They're a pretty top-level concept anyway, and as it was they were buried down in headings like "5.3.2.3.1." Last, I added myself as an editor, per the first F2F in San Francisco. Each of these things is its own standalone commit, should we need to pull bits back apart. Comments either here or on the PR are welcome. Cheers, J.C.
Received on Thursday, 30 June 2016 20:53:34 UTC