W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2016

Re: Questions about some of the naming in the spec

From: Arshad Noor <arshad.noor@strongauth.com>
Date: Thu, 1 Dec 2016 09:32:37 -0800
To: public-webauthn@w3.org
Message-ID: <88ccb5a3-17d4-716d-08ed-20eaca9a798a@strongauth.com>
When you consider that FIDO protocols also enable "transaction 
confirmation" (aka "authorization") having 'n' in there doesn't make 
sense either.

On 12/01/2016 09:25 AM, Vijay Bharadwaj wrote:
> Hi Kimberly,
> Thanks for the feedback. Security people tend to make a strong 
> distinction between authentication (authn) and authorization (authz) 
> which is where that terminology came from. So I suspect auth by itself 
> would be confusing to a different audience. Regarding the Web prefix, 
> I will leave that to others to comment on – I don’t have strong 
> feelings about it either way.
> *From:* Kimberly Paulhamus [mailto:kpaulhamus@google.com]
> *Sent:* Wednesday, November 30, 2016 10:35 AM
> *To:* public-webauthn@w3.org
> *Subject:* Questions about some of the naming in the spec
> Hi WebAuthn working group,
> We are currently working on implementing WebAuthn for Chrome. We're at 
> the early stages of setting up the Chromium interfaces, and reviewers 
> have had some questions on the naming in the spec that we wanted to 
> ask you all about..
> To summarize -
> Regarding WebAuthnAssertion/Attestation/Extensions, "Why not just 
> WebAuth or Auth? The n in the middle doesn't mean anything and is 
> going to be a wart for developers to remember for the next 30 years."
> Account and ClientData are too generic; either need to be more 
> specific or scoped.
> Prefixing an API with 'Web' seems to be unusual in general.
> Thoughts and comments?
> Thanks,
> Kimberly
Received on Thursday, 1 December 2016 17:33:13 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC