- From: Hodges, Jeff <jeff.hodges@paypal.com>
- Date: Wed, 9 Mar 2016 18:54:26 +0000
- To: Vijay Bharadwaj <vijaybh@microsoft.com>
- CC: W3C WebAuthn WG <public-webauthn@w3.org>
Received on Wednesday, 9 March 2016 18:55:01 UTC
On 3/9/16, 8:45 AM, "Vijay Bharadwaj" <vijaybh@microsoft.com<mailto:vijaybh@microsoft.com>> wrote:
More bikeshedding - "Web authentication" seems too generic. Also I would like to retain the credential type as "FIDO" if possible though, it seems to me that it correctly represents the type of hardware involved and that would be lost if we genericized it - i.e. you can use the API to talk to all kinds of stuff but these credentials are of the FIDO type. Wendy, would that be okay?
So in other words:
- Generically titled spec ("Web Authentication using Cryptographic Credentials: API and data formats" or "WACC" for short)
- Generically named API namespaces (WebAppSec uses navigator.credentials for example)
- Credential type of "FIDO" denotes that the selected credential supports the FIDO data formats and device protocols
this overall works for me.
wrt cred type, you're referring to this component of..
enum CredentialType<cid:C062856F-D6ED-46B9-965A-E21D0D6FFD24> {
"FIDO"
};
.. the web api, yes?
I spose we could bikeshed further on "Cryptographic Credentials", i.e., in this context they have the property of being scoped to an Relying Party, where RP != web origin, but rather "eTLD+1", and other "crypto creds" are scoped to origins or whatever.
HTH,
=JeffH
Received on Wednesday, 9 March 2016 18:55:01 UTC