- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Oct 2017 22:31:00 +0000
- To: public-webauthn@w3.org
@rlin1 You've got a bunch of comments on #623 that are actually about this change. The basic issue is about what to call the 3 things involved with using a credential: 1. The secret or capability that the client possesses. 2. The proof that the client has the secret/capability. 3. The thing that lets the RP verify the proof. We have a couple different kinds of credentials, and I want the terms to be consistent across them. I think I'm fine with your suggestion of: 1. Credential 2. Assertion (We'd probably have to call this a "Credential Assertion" in general, but we could use the shorthand within this spec.) 3. No suggestion, but I'd say maybe "Credential Verifier"? I *think* those work for passwords (the password is all three) and for SMS auth (1: SIM card; 2&3: OTP). One difficulty is that credentials.get() returns a `Credential` rather than a `CredentialAssertion`, but we could just live with that inconsistency. @mikewest, how do you feel about these names if I were to send a patch to Credential Manager? -- GitHub Notification of comment by jyasskin Please view or discuss this issue at https://github.com/w3c/webauthn/pull/620#issuecomment-335967544 using your GitHub account
Received on Wednesday, 11 October 2017 22:30:48 UTC