Re: [webauthn] Fix #593 - Refer to RFC 8266 for RP-controlled UI strings from =JeffH via GitHub on 2018-05-01 (public-webauthn@w3.org from May 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 01 May 2018 23:48:22 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-385823259-1525218501-sysbot+gh@w3.org>

I agree that the spec needs to refer to the PRECIS spec suite [1] regarding its use and treatment of internationalized (unicode-encoded) strings. I am thinking ([IIUC](https://en.wiktionary.org/wiki/IIUC)) the proposed two single-line additions in this PR are a start, but to properly utilize PRECIS (and user-visible internat'd strings) we ought to specify things more thoroughly.  

I.e., in RFC8266 [S 4 Use in Application Protocols](https://tools.ietf.org/html/rfc8266#section-4), there's these directions:
> It is the responsibility of an application
   protocol (e.g., MSRP, XCON, or XMPP) or application definition to
   specify **(1)** the protocol slots in which nickname strings can appear, **(2) the
   entities that are expected to enforce the rules governing nickname
   strings,** and **(3) the point during protocol processing or interface
   handling when the rules need to be enforced**.
   [numbers and emphasis added]

This PR presently seems to be a start on (1), but (2) and (3) do not seem to be presently address? 

E.g., as a suggestion we should perhaps specify in [5.4.1. Public Key Entity Description](https://w3c.github.io/webauthn/#dictionary-pkcredentialentity) that the RP is responsible for [the preparation and the enforcement](https://tools.ietf.org/html/rfc8264#section-3) of [PublicKeyCredentialEntity.name](https://w3c.github.io/webauthn/#dictdef-publickeycredentialentity)'s value, via the PRECIS [nickname profile](https://tools.ietf.org/html/rfc8266#section-2)'s [preparation](https://tools.ietf.org/html/rfc8266#section-2.2) and [enforcement](https://tools.ietf.org/html/rfc8266#section-2.3) rules. 

Similarly in [5.4.3. User Account Parameters for Credential Generation](https://w3c.github.io/webauthn/#sctn-rp-credential-params) specify the same for  [PublicKeyCredentialUserEntity.displayName](https://w3c.github.io/webauthn/#dictdef-publickeycredentialuserentity)'s value.  

Then [IIUC](https://en.wiktionary.org/wiki/IIUC) we need to find the places in the spec where these strings are compared and indicate that PRECIS [nickname profile comparison rules](https://tools.ietf.org/html/rfc8266#section-2.4) are enforced. 

WDYT?

cc @stpeter

-----
[1] PRECIS Framework: Preparation, Enforcement, and Comparison of Internationalized Strings in Application Protocols, RFCs [8264](https://tools.ietf.org/html/rfc8264), [8265](https://tools.ietf.org/html/rfc8265), [8266](https://tools.ietf.org/html/rfc8266).

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/878#issuecomment-385823259 using your GitHub account

Received on Tuesday, 1 May 2018 23:48:26 UTC