Add authenticatorDisplayName to credProps #1880

Merged
merged 3 commits into from
Oct 11, 2023
33 changes: 30 additions & 3 deletions index.bs
Expand Up @@ -1167,6 +1167,17 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
when the [=public key credential source=] was [=registration|registered=].
Storing this in combination with the above [$credential record/attestationObject$] [=struct/item=]
enables the [=[RP]=] to re-verify the [=attestation signature=] at a later time.

: <dfn>authenticatorDisplayName</dfn>
:: A [=human palatability|human-palatable=] description of the [=public key credential source=].

If used, the [=[RP]=] SHOULD use this to describe the [=credential record=] in the user's account settings.
The [=[RP]=] SHOULD allow the user to choose this value, and MAY allow the user to modify it at will.

The [=credProps|Credential Properties Extension=] defines the [=credential property=]
{{CredentialPropertiesOutput/authenticatorDisplayName}}
which, when available, MAY be offered as a default for this value.
The [=[RP]=] MAY also derive a default value from the authenticator's [=attestation statement=], if any.
</dl>

[=WebAuthn extensions=] MAY define additional [=struct/items=] needed to process the extension.
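Review bot: the new [$credential record/authenticatorDisplayName$] item is text chosen by the user, the client or the authenticator vendor, yet nothing in this hunk says it carries no security meaning; please add that the [=[RP]=] MUST NOT use it to identify or authenticate a credential and should treat it as untrusted input (bound its length, escape it for the context it is rendered in when shown in account settings). The last sentence, which lets the RP derive a default from the authenticator's attestation statement, should be qualified with "after the attestation has been verified": an unverified or `none` attestation gives the RP no basis for a vendor-derived name.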
Expand Down Expand Up @@ -6564,9 +6575,6 @@ During a transition from the FIDO U2F JavaScript API, a [=[RP]=] may have a popu

This [=client extension|client=] [=registration extension=] facilitates reporting certain [=credential properties=] known by the [=client=] to the requesting [=[WRP]=] upon creation of a [=public key credential source=] as a result of a [=registration ceremony=].

At this time, one [=credential property=] is defined: the [=resident key credential property=]
(i.e., [=client-side discoverable credential property=]).

: Extension identifier
:: `credProps`

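Review bot: dropping "At this time, one credential property is defined" is right now that a second property exists, but nothing replaces it, so the introduction (the sentence about reporting "certain credential properties") no longer tells the reader what the extension can return; suggest a replacement sentence naming both the [=resident key credential property=] and `authenticatorDisplayName`, and stating that a client may return either, both or neither.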
Expand All @@ -6590,6 +6598,7 @@ At this time, one [=credential property=] is defined: the [=resident key credent
<xmp class="idl">
dictionary CredentialPropertiesOutput {
boolean rk;
USVString authenticatorDisplayName;
};

partial dictionary AuthenticationExtensionsClientOutputs {
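Review bot: `USVString authenticatorDisplayName;` is added to CredentialPropertiesOutput with no length limit or character restrictions, and since the value is produced by the client (possibly originating from the authenticator vendor) and will be stored and rendered by RPs, the IDL or the processing text should state a maximum length, or at least that RPs MUST be prepared to truncate, and that the string has to be escaped for its output context. Leaving the member without `required` is correct and matches the OPTIONAL wording in the later description.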
Expand All @@ -6608,6 +6617,24 @@ At this time, one [=credential property=] is defined: the [=resident key credent
If {{rk}} is not present, it is not known whether the credential is a [=discoverable credential=] or a [=server-side credential=].

Note: some [=authenticators=] create [=discoverable credentials=] even when not requested by the [=client platform=]. Because of this, [=client platforms=] may be forced to omit the {{rk}} property because they lack the assurance to be able to set it to [FALSE]. [=[RPS]=] should assume that, if the `credProps` extension is supported, then [=client platforms=] will endeavour to populate the {{rk}} property. Therefore a missing {{rk}} indicates that the created credential is most likely a [=non-discoverable credential=].

: <dfn>authenticatorDisplayName</dfn>
:: This OPTIONAL property is a [=human palatability|human-palatable=] description of the credential's [=managing authenticator=],
chosen by the user.

The [=client=] MUST allow the user to choose this value,
MAY or MAY not present that choice during [=registration ceremonies=],
and MAY reuse the same value for multiple credentials with the same [=managing authenticator=] across multiple [=[RPS]=].

The [=client=] MAY query the [=authenticator=], by some unspecified mechanism, for this value.
The [=authenticator=] MAY allow the user to configure the response to such a query.
The [=authenticator=] vendor MAY provide a default response to such a query.
The [=client=] MAY consider a user-configured response chosen by the user,
and SHOULD allow the user to modify a vendor-provided default response.

If the [=[RP]=] includes an <code>[$credential record/authenticatorDisplayName$]</code> [=struct/item=] in [=credential records=],
the [=[RP]=] MAY offer this value, if present,
as a default value for the <code>[$credential record/authenticatorDisplayName$]</code> of the new [=credential record=].
</div>


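Review bot: the sentence allowing the client to "reuse the same value for multiple credentials with the same [=managing authenticator=] across multiple [=[RPS]=]" creates a cross-RP correlation handle: a distinctive user-chosen string, or a per-device vendor default, that is identical at every RP lets colluding RPs link a user's accounts. This should be called out in the privacy considerations, with guidance that vendor defaults be generic (a model name, not a per-device string) and that clients warn, or offer a per-RP value, when a distinctive user-chosen name would be sent to another RP. Two wording points in the same paragraphs: "MAY or MAY not present that choice" is redundant under RFC 2119 (plain "MAY present that choice" suffices), and "The [=client=] MAY consider a user-configured response chosen by the user" is circular; presumably it means the client MAY treat a user-configured authenticator response as the user's choice, thereby satisfying the MUST in the first paragraph, and should say so.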