W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2016

RE: Questions about some of the naming in the spec

From: Vijay Bharadwaj <vijaybh@microsoft.com>
Date: Thu, 1 Dec 2016 17:25:41 +0000
To: Kimberly Paulhamus <kpaulhamus@google.com>, "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <0fe6324de2164dce9fdb42d3bc503dc7@microsoft.com>
Hi Kimberly,

Thanks for the feedback. Security people tend to make a strong distinction between authentication (authn) and authorization (authz) which is where that terminology came from. So I suspect auth by itself would be confusing to a different audience. Regarding the Web prefix, I will leave that to others to comment on – I don’t have strong feelings about it either way.

From: Kimberly Paulhamus [mailto:kpaulhamus@google.com]
Sent: Wednesday, November 30, 2016 10:35 AM
To: public-webauthn@w3.org
Subject: Questions about some of the naming in the spec

Hi WebAuthn working group,

We are currently working on implementing WebAuthn for Chrome. We're at the early stages of setting up the Chromium interfaces, and reviewers have had some questions on the naming in the spec that we wanted to ask you all about..

To summarize -
Regarding WebAuthnAssertion/Attestation/Extensions, "Why not just WebAuth or Auth? The n in the middle doesn't mean anything and is going to be a wart for developers to remember for the next 30 years."

Account and ClientData are too generic; either need to be more specific or scoped.

Prefixing an API with 'Web' seems to be unusual in general.

Thoughts and comments?

Received on Thursday, 1 December 2016 17:26:20 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC