- From: Arshad Noor <arshad.noor@strongauth.com>
- Date: Thu, 1 Dec 2016 09:32:37 -0800
- To: public-webauthn@w3.org
- Message-ID: <88ccb5a3-17d4-716d-08ed-20eaca9a798a@strongauth.com>
When you consider that FIDO protocols also enable "transaction confirmation" (aka "authorization") having 'n' in there doesn't make sense either. On 12/01/2016 09:25 AM, Vijay Bharadwaj wrote: > > Hi Kimberly, > > Thanks for the feedback. Security people tend to make a strong > distinction between authentication (authn) and authorization (authz) > which is where that terminology came from. So I suspect auth by itself > would be confusing to a different audience. Regarding the Web prefix, > I will leave that to others to comment on – I don’t have strong > feelings about it either way. > > *From:* Kimberly Paulhamus [mailto:kpaulhamus@google.com] > *Sent:* Wednesday, November 30, 2016 10:35 AM > *To:* public-webauthn@w3.org > *Subject:* Questions about some of the naming in the spec > > Hi WebAuthn working group, > > We are currently working on implementing WebAuthn for Chrome. We're at > the early stages of setting up the Chromium interfaces, and reviewers > have had some questions on the naming in the spec that we wanted to > ask you all about.. > > To summarize - > > Regarding WebAuthnAssertion/Attestation/Extensions, "Why not just > WebAuth or Auth? The n in the middle doesn't mean anything and is > going to be a wart for developers to remember for the next 30 years." > > Account and ClientData are too generic; either need to be more > specific or scoped. > > Prefixing an API with 'Web' seems to be unusual in general. > > Thoughts and comments? > > Thanks, > > Kimberly >
Received on Thursday, 1 December 2016 17:33:13 UTC