Clarify, simplify and align parameter descriptions #1621
Conversation
We already do this for UserVerificationRequirement values even though both types are "non-exhaustive" enumerations for DOMString attributes.
These parameter descriptions are the primary API documentation for Relying Parties, so this rewrites attempts to simplify the descriptions and clearer explain how to use them from an RP perspective. Also removes some unnecessary words and aligns some similar descriptions into more recognizable patterns.
|
Looks good :) |
There was a problem hiding this comment.
Hi @emlun, thanks for taking on this gnarly complicated polishing! Overall it looks good, although I have several detail-level comments & suggestions.
An overall comment/suggestion is that we ought to define/circumscribe the difference between a "ceremony" and an "operation" and then use those terms consistently. Here's a back-of-the-envelope attempt:
A "ceremony" is the overall entire flow includes the user's actions, the UI the user interacts with, the RP's particular webauthn deployment approach, and the behavior of the webauthn-defined .create() / .get() operations (plus the "stack" underneath those operations (eg CTAP2 or a platform API+implementation)).
An "operation" is either a "registration operation" or "authentication operation" which are discrete invocations of .create() or .get(), including the marshalling of arguments and the subsequent evaluation of results.
Then in the below we may wish to use "operation" in some places where you're presently suggesting "ceremony".
Another item is that in various places we are using the term "user" where we actually mean "user account", and that creds are mapped to user accounts by RPs, via user handles. We ought to define "user account" in the terminology section.
emlun
force-pushed
the
issue-1618-clarify-params
branch
from
5d354ef to
03becb6
Compare
Co-authored-by: =JeffH <jdhodges@google.com>
There was a problem hiding this comment.
I do not understand why you marked various comments below as "resolved" without incorporating the suggestion or offering rationale as to why not to incorporate the suggestion.
I'm away for an extended period and unable to split hairs over this, so do what you think is best.
equalsJeffH
dismissed
their stale review
I'm away for an extended period and unable to split hairs over this, so do what you think is best.
Sorry, my mistake. I'd resolved them locally but hadn't pushed the changes, I think I was waiting to see what happens in #1649 and base the continuation here on that. I'll go back and un-resolve them for now for proper bookkeeping. |
Co-authored-by: =JeffH <jdhodges@google.com>
Ah, ok, thanks, that makes sense. |
Define "user account"
|
is this waiting on @sbweeden ? |
|
No, it's waiting on me. I'll update it within the next few days. |
Co-authored-by: =JeffH <jdhodges@google.com>
index.bs
Outdated
| The value SHOULD be a member of {{AuthenticatorAttachment}} but [=client platforms=] MUST ignore unknown values, | ||
| treating an unknown value as if the [=map/exist|member does not exist=]. | ||
|
|
||
| The [=[RP]=] can determine the resulting [=authenticator attachment modality|attachment=] for the created credential |
There was a problem hiding this comment.
I don't know that this is entirely true. My understanding is that the use of getTransports() will return all attachments supported by the authenticator that generated the credential - not just the particular transport used in this ceremony. There is a discussion in #1668 about potentially including a transport field in PublicKeyCredential for the purpose of determining the transport that was actually used.
Maybe the change here is just to reword to the plural attachments, as at the moment it reads as if it returns the singular transport that was used for the ceremony.
There was a problem hiding this comment.
Also a good point. I don't think we really clarify how one can determine the authenticator attachment(s) from the transports list, so it might be appropriate to introduce a small section on that. We already have §5.2.1.1. Easily accessing credential data as a subsection of the AuthenticatorAttestationResponse section, so another sibling subsection there seems reasonable. I think I'll do that as a meta-pull request into this one.
There was a problem hiding this comment.
Addressed in meta-PR #1670.
There was a problem hiding this comment.
It is good that #1670 adds an explanation of how getTransports() may be interpreted by the RP. That said, I don't think it addresses the original comment here, at least not always. If getTransports() returned a list, with one of those values being internal, and another being a different transport (such as the mobile phone as an authenticator use case), the RP cannot determine the resulting authenticator attachment modality for the created credential. This however could be determined with the proposal in #1668, which I think better addresses the use case of an RP trying to determine if a platform-bound credential has been created as part of this ceremony.
I am in favour of keeping the changes in #1670 to aid in the understanding of RPs interpretation and use of getTransports(), but I don't think that this section should attempt to claim that the getTransports() API is alone enough to determine the resulting authenticator attachment modality.
There was a problem hiding this comment.
Ah right, looks like I missed that nuance in your first comment. getTransports() (if non-empty) is enough to determine the possible attachment options for the credential, but indeed it is not enough to determine the attachment used in this particular ceremony. So I agree that needs to be clearer. But perhaps an even better solution is to extend the proposal in issue #1666 and PR #1668 to apply to registration too?
There was a problem hiding this comment.
To land this PR, we could just remove this section completely:
The [=[RP]=] can determine the resulting [=authenticator attachment modality|attachment=] for the created credential using the {{AuthenticatorAttestationResponse/getTransports()}} method of the resulting {{AuthenticatorAttestationResponse}}.
See [[#enum-transport]] for details.
and let #1668 deal with the issue of deterministically allowing an RP to understand the attachment modality of an authenticator for a particular ceremony.
There was a problem hiding this comment.
Yeah, that works too I guess. There's not really much reason to hurry to get this one merged.
Address review comments by @sbweeden
|
on 2021-09-22 call: |
|
I could be wrong, but it seems this PR has not recently had a merge-from-main. Catching it up with the changes in the main branch would be helpful for reviewing it. thanks. |
index.bs
Outdated
| The value SHOULD be a member of {{AuthenticatorAttachment}} but [=client platforms=] MUST ignore unknown values, | ||
| treating an unknown value as if the [=map/exist|member does not exist=]. | ||
|
|
||
| The [=[RP]=] can determine the resulting [=authenticator attachment modality|attachment=] for the created credential |
…er a successful ceremony
There was a problem hiding this comment.
LGTM @emlun, thanks again for this non-trivial polishing. ( I've one minor comment below )
SHA: bc87207 Reason: push, by @YubicoDemo Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Motivated by #1618, though I'm not sure this will fully resolve all the concerns there.
These parameter descriptions are the primary API documentation for Relying Parties, so this rewrite attempts to simplify the descriptions and clearer explain how to use them from an RP perspective. Also removes some unnecessary words and aligns some similar descriptions into more recognizable patterns.
Preview | Diff