[webauthn] Incorrect "to create" phrase used in get() section's introduction? (#1687)

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== Incorrect "to create" phrase used in get() section's introduction? ==
There these two paragraphs in section [5.1.4. Use an Existing Credential to **Make an Assertion** - PublicKeyCredential’s \[\[Get\]\]\(options) Method](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-getAssertion);
> The get() implementation [CREDENTIAL-MANAGEMENT-1] calls PublicKeyCredential.\[\[CollectFromCredentialStore]]() to collect any credentials that should be available without user mediation (roughly, this specification’s authorization gesture), and if it does not find exactly one of those, it then calls PublicKeyCredential.\[\[DiscoverFromExternalSource]]() to have the user select a credential source.

> Since this specification requires an authorization gesture **to create** any credentials, the PublicKeyCredential.[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) internal method inherits the default behavior of Credential.\[\[CollectFromCredentialStore]](), of returning an empty set.  [emphasis added]

When I recently re-read that section of the spec and encountered that "to create" phrase, I immediately had these questions: 

Why is the phrase "to create" used here?  Ought it be "to use" or "to exercise" ?  

I.e., I do not understand how a gesture at cred creation time would factor in here?  

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1687 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 10 December 2021 18:07:06 UTC