- From: Vijay Bharadwaj <vijaybh@microsoft.com>
- Date: Thu, 24 Mar 2016 22:13:48 +0000
- To: "J.C. Jones" <jjones@mozilla.com>
- CC: W3C WebAuthn WG <public-webauthn@w3.org>
- Message-ID: <f2a05c94e5da44148efdea38c6c84a42@DFM-CO1MBX15-08.exchange.corp.microsoft.com>
Thanks JC for taking the first pass at this. I'm going to go ahead and propose a couple of tweaks, but this isn't intended as a criticism of the work you've done so far - it is hugely helpful to have a starting point to critique rather than start from a blank slate. And of course, naming is hard. I went through and added some comments. In summary, I would like to propose: 1. We are specifying a "Web Authentication API", 2. Which deals with Web Authenticators, 3. Each of which contains one or more Scoped Credentials, 4. Of credential type Scoped (or should this be WebAuth?) 5. Which can be used to produce Assertions 6. And can optionally handle Extensions If we agree with that nomenclature, then I would suggest we: - Replace "WebAuth authenticator" and similar phrases with "Web Authenticator" and make this a glossary term - Always refer to the API as the "Web Authentication API" instead of "Scoped Credential API" (this also makes the doc consistent with the IDL) - Replace the enum value "ScopedUserCredential" with just "Scoped" since we know it's a user credential type already - I also wonder if we could replace the type names WebAuthAssertion and WebAuthExtensions with just Assertion and Extensions, but not sure if this would invite conflict with similar type names from other specs There are a couple more minor comments in the PR from me, but these are the high-level ones. Thoughts?
Received on Thursday, 24 March 2016 22:14:23 UTC