Re: [webauthn] Fix #593 - Refer to RFC 8266 for RP-controlled UI strings from Peter Saint-Andre via GitHub on 2018-05-10 (public-webauthn@w3.org from May 2018)

From: Peter Saint-Andre via GitHub <sysbot+gh@w3.org>
Date: Thu, 10 May 2018 19:39:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-388162488-1525981175-sysbot+gh@w3.org>

Taking a cue from RFC 8266 (Section 6.1), we might want to say something like this:

OLD

> Its value’s name member is required.
>
> Its value’s id member specifies the relying party identifier with which the credential should be associated. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain.

NEW

> Its value's name member, which is required, is a user-friendly handle for the RelyingParty.
>
> Its value’s id member specifies the relying party identifier with which the credential should be associated. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain.
>
> To ensure secure operation, authentication and authorization decisions MUST be made on the basis of the id member, not on the name member.


-- 
GitHub Notification of comment by stpeter
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/878#issuecomment-388162488 using your GitHub account

Received on Thursday, 10 May 2018 19:39:40 UTC