W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

[webauthn] Rename PublicKeyCredentialEntity fields

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Oct 2017 11:50:10 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-265741699-1508154593-sysbot+gh@w3.org>
emlun has just created a new issue for https://github.com/w3c/webauthn:

== Rename PublicKeyCredentialEntity fields ==
This is split out from #622.

The field names in `PublicKeyCredentialEntity` and its descendants are unnecessarily confusing. In particular, `PublicKeyCredentialEntity.name` means different things when inherited by `PublicKeyCredentialRpEntity` vs `PublicKeyCredentialUserEntity` - in the former case it's a human-friendly display name, in the latter case it's a unique identifier for a user account. I suggest eliminating that ambiguity by renaming the fields:

- Rename `rp.name` to `rp.displayName`
- Rename `user.id` to `user.handle`
- Rename `user.name` to `user.id`

The hierarchy would then look something like this:

```
dictionary PublicKeyCredentialEntity {
    required DOMString      displayName;
    USVString               icon;
};
dictionary PublicKeyCredentialRpEntity : PublicKeyCredentialEntity {
    required DOMString      id;
};
dictionary PublicKeyCredentialUserEntity : PublicKeyCredentialEntity {
    required DOMString      id;
    BufferSource   handle;
};
```

I haven't lifted `id` up to the parent here because it will have different descriptions in the child types. The authenticator shouldn't give out a `PublicKeyCredentialUserEntity` without first verifying the user, so it shouldn't hurt to make all three fields required, right?

I think this would improve clarity a lot, but it would be a breaking change. What do people think?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/646 using your GitHub account
Received on Monday, 16 October 2017 11:50:02 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC