Re: wrt all those "FIDO" terms, e.g. "FIDO Credentials" - new names? from Hodges, Jeff on 2016-03-09 (public-webauthn@w3.org from March 2016)

From: Hodges, Jeff <jeff.hodges@paypal.com>
Date: Wed, 9 Mar 2016 21:28:12 +0000
To: Richard Barnes <rbarnes@mozilla.com>
CC: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <D305D4EA.93490%jehodges@paypalcorp.com>

On 3/9/16, 1:20 PM, "Richard Barnes" <rbarnes@mozilla.com<mailto:rbarnes@mozilla.com>> wrote:

"""
API Features in scope are: (1) Requesting generation of an asymmetric key pair within a specific scope (e.g., an origin); (2) Proving that the browser has possession of a specific private key, where the proof can only be done within the scope of the key pair. In other words, authentication should obey the same origin policy.
"""

So this is a credential that provides authentication based on proof of possession of a signing key (i.e., a signature), where that signature is limited to some scope via the signing protocol we will define.

Could people live with "ScopedSignatureCredential"?

so you are suggesting..

enum CredentialType<cid:C062856F-D6ED-46B9-965A-E21D0D6FFD24> {

    "ScopedSignatureCredential"
};

.. yes?

sure, I can live with that.

=JeffH

Received on Wednesday, 9 March 2016 21:28:44 UTC