[webauthn] do not totally lose the term "WebAuthn Relying Party" from =JeffH via GitHub on 2016-08-22 (public-webauthn@w3.org from August 2016)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Mon, 22 Aug 2016 17:42:48 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-172511789-1471887766-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for 
https://github.com/w3c/webauthn:

== do not totally lose the term "WebAuthn Relying Party" ==
this issue is derived from, and focuses only on the "WebAuthn Relying 
Party" portion of..
>Re: [webauthn] Text aesthetic updates
>https://lists.w3.org/Archives/Public/public-webauthn/2016Jul/0021.html

Regarding this set of commits..
>[webauthn] new commits pushed by jcjones
>https://lists.w3.org/Archives/Public/public-webauthn/2016Jul/0016.html

...
> * Change "WebAuthn Relying Party" to just "Relying Party"          

..although this change reduces wordiness, I do have some concerns..

I can live with using the unqualified term "Relying Party" in
many places in the text, however, we have been hearing literally for
years, especially from the Fed'd Identity Mgmt community, how 
confusing
they find the use of the unqualified "Relying Party" term.  Over the 
years
I've observed many instances of unnecessary misunderstanding and
getting-bolloxed-up due to use of imprecise/ambiguous terminology.

Thus, if others object to using the fully-qualified WebAuthn Relying 
Party" term 
everywhere, then I suggest editing the new RP definition to be like 
so..

    WebAuthn Relying Party
    Relying Party
    
      The entity whose web application utilizes the Web
      Authentication API to register and authenticate users.
      See Registration and Authentication, respectively.

      Note: While the unqualified term Relying Party is also used in 
other
      contexts (e.g., OAuth, SAML, X.509, etc.), an entity acting as a
      Relying Party in one context is not necessarily a Relying Party
      in others. For example, in an identity management deployment,
      WebAuthn may be used as a user authentication mechanism at the
      Identity Provider, who thus is also acting in the WebAuthn
      Relying Party role.

Additionally, within each major section I'd use the "WebAuthn Relying
Party" term on first use and "Relying Party" otherwise.

I think it's really important we make this extra effort to 
disambiguate
the terms. 

Also, we /could/ use the acronym "WRP", say, rather than the 
spelled-out
unqualified "Relying Party" term.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/180 using your GitHub account

Received on Monday, 22 August 2016 17:42:55 UTC