From ec9dd1b96bdaefc618fdd6e2ed5cc33fdc9c6183 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 26 Jul 2023 10:05:46 -0700 Subject: [PATCH 01/10] Emphasize user.name as primary identifier --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 6f2734374..1569cb406 100644 --- a/index.bs +++ b/index.bs @@ -3184,8 +3184,8 @@ associated with or [=scoped=] to, respectively. including the value as a parameter of the [=authenticatorMakeCredential=] operation. - When inherited by {{PublicKeyCredentialUserEntity}}, it is a [=human palatability|human-palatable=] identifier for a - [=user account=]. It is intended only for display, i.e., aiding the user in determining the difference between user - accounts with similar {{PublicKeyCredentialUserEntity/displayName}}s. For example, "alexm", "alex.mueller@example.com" + [=user account=]. This identifier is the primary value displayed to users by [=Clients=] to help users understand with which + [=user account=] a credential is associated. Examples of suitable values for this identifier include, "alexm", "alex.mueller@example.com" or "+14255551234". - The [=[RP]=] MAY let the user choose this value. The [=[RP]=] SHOULD perform enforcement, From a87aa308a3a7e44c8ac9e9fec1de3fd15a2c0aa7 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 26 Jul 2023 10:06:04 -0700 Subject: [PATCH 02/10] Define intended use case for displayName --- index.bs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 1569cb406..847371c39 100644 --- a/index.bs +++ b/index.bs 
@@ -3254,8 +3254,12 @@ credential. with more than one [=user account=] at the [=[RP]=]. : displayName - :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for display. For example, "Alex Müller" or "田中倫". The - [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary. + :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for display. + [=Clients=] may display this value to help users differentiate between multiple sub-accounts for a + given [=user account=] for situations in which every credential uses the same value for + {{PublicKeyCredentialEntity/name}}. Examples of suitable values for this identifier include, + "Alex Müller" or "田中倫". The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict + the choice more than necessary. - [=[RPS]=] SHOULD perform enforcement, as prescribed in Section 2.3 of [[!RFC8266]] for the Nickname Profile of the PRECIS FreeformClass [[!RFC8264]], From f09e3d8cea148765c5d634b283e9cc81f583ee6e Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 1 Aug 2023 12:56:59 -0700 Subject: [PATCH 03/10] Clarify that displayName can be the same as name --- index.bs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index 847371c39..55a459856 100644 --- a/index.bs +++ b/index.bs 
@@ -3257,9 +3257,12 @@ credential. :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for display. [=Clients=] may display this value to help users differentiate between multiple sub-accounts for a given [=user account=] for situations in which every credential uses the same value for - {{PublicKeyCredentialEntity/name}}. Examples of suitable values for this identifier include, - "Alex Müller" or "田中倫". The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict - the choice more than necessary. + {{PublicKeyCredentialEntity/name}}. When such differentiation is not required, this value + MAY be set to the same value as {{PublicKeyCredentialEntity/name}}. Examples of suitable values for this identifier include, + "Alex Müller" or "田中倫". + + A [=[RP]=] MAY let the user specify this value, and SHOULD NOT restrict the choice + more than necessary when doing so. - [=[RPS]=] SHOULD perform enforcement, as prescribed in Section 2.3 of [[!RFC8266]] for the Nickname Profile of the PRECIS FreeformClass [[!RFC8264]], From c24ac18d5ecc27e3a8e3350b7c391ba5c60cab66 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 1 Aug 2023 12:58:21 -0700 Subject: [PATCH 04/10] Trim line length --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 55a459856..23206bdc7 100644 --- a/index.bs +++ b/index.bs 
@@ -3258,8 +3258,8 @@ credential. [=Clients=] may display this value to help users differentiate between multiple sub-accounts for a given [=user account=] for situations in which every credential uses the same value for {{PublicKeyCredentialEntity/name}}. When such differentiation is not required, this value - MAY be set to the same value as {{PublicKeyCredentialEntity/name}}. Examples of suitable values for this identifier include, - "Alex Müller" or "田中倫". + MAY be set to the same value as {{PublicKeyCredentialEntity/name}}. Examples of suitable + values for this identifier include, "Alex Müller" or "田中倫". A [=[RP]=] MAY let the user specify this value, and SHOULD NOT restrict the choice more than necessary when doing so. From ea2241817ecd2e43d11c368d4afe3136e855e0a1 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 2 Aug 2023 14:42:46 -0700 Subject: [PATCH 05/10] Fix line length for `name` --- index.bs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/index.bs b/index.bs index 23206bdc7..d193968e4 100644 --- a/index.bs +++ b/index.bs 
@@ -3183,10 +3183,12 @@ associated with or [=scoped=] to, respectively. on {{PublicKeyCredentialEntity/name}}'s value prior to displaying the value to the user or including the value as a parameter of the [=authenticatorMakeCredential=] operation. - - When inherited by {{PublicKeyCredentialUserEntity}}, it is a [=human palatability|human-palatable=] identifier for a - [=user account=]. This identifier is the primary value displayed to users by [=Clients=] to help users understand with which - [=user account=] a credential is associated. Examples of suitable values for this identifier include, "alexm", "alex.mueller@example.com" - or "+14255551234". + - When inherited by {{PublicKeyCredentialUserEntity}}, it is a + [=human palatability|human-palatable=] identifier for a [=user account=]. This + identifier is the primary value displayed to users by [=Clients=] to help users + understand with which [=user account=] a credential is associated. Examples of suitable + values for this identifier include, "alexm", "alex.mueller@example.com", or + "+14255551234". - The [=[RP]=] MAY let the user choose this value. The [=[RP]=] SHOULD perform enforcement, as prescribed in Section 3.4.3 of [[!RFC8265]] for the UsernameCasePreserved Profile of the PRECIS From 074be7fa540c50a2e5b2bad117f8aef1ee3297db Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 2 Aug 2023 14:42:57 -0700 Subject: [PATCH 06/10] Tweak `displayName` based on feedback --- index.bs | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/index.bs b/index.bs index d193968e4..ddc0224b1 100644 --- a/index.bs +++ b/index.bs 
@@ -3256,15 +3256,14 @@ credential. with more than one [=user account=] at the [=[RP]=]. : displayName - :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for display. - [=Clients=] may display this value to help users differentiate between multiple sub-accounts for a - given [=user account=] for situations in which every credential uses the same value for - {{PublicKeyCredentialEntity/name}}. When such differentiation is not required, this value - MAY be set to the same value as {{PublicKeyCredentialEntity/name}}. Examples of suitable - values for this identifier include, "Alex Müller" or "田中倫". - - A [=[RP]=] MAY let the user specify this value, and SHOULD NOT restrict the choice - more than necessary when doing so. + :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for + display. [=Clients=] may display this value to help users differentiate between multiple + [=credentials=] with the same value of {{PublicKeyCredentialEntity/name}}. Examples of + suitable values for this identifier include, "Alex Müller" or "田中倫". + + The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary. + + The [=[RP]=] MAY set this to the same value as {{PublicKeyCredentialEntity/name}}. - [=[RPS]=] SHOULD perform enforcement, as prescribed in Section 2.3 of [[!RFC8266]] for the Nickname Profile of the PRECIS FreeformClass [[!RFC8264]], From 03937f40adebdd2970c99edc1fd4bf844ecd0b46 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 15 Aug 2023 14:07:50 -0700 Subject: [PATCH 07/10] Try to tweak wording to emphasize name --- index.bs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/index.bs b/index.bs index ddc0224b1..725302b8d 100644 --- a/index.bs +++ b/index.bs @@ -2784,7 +2784,7 @@ Note: Invoking this method from a [=browsing context=] where the [=Web Authentic
[=[WRPS]=] use this method to determine whether they can create a new [=passkey=] using a [=user-verifying platform authenticator=] or a {{AuthenticatorTransport/hybrid}} authenticator. -Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the +Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the availability of {{AuthenticatorTransport/hybrid}} transport. If one or both are discovered, the promise is resolved with the value of [TRUE]. If neither is discovered, the promise is resolved with the value of [FALSE]. @@ -3186,9 +3186,12 @@ associated with or [=scoped=] to, respectively. - When inherited by {{PublicKeyCredentialUserEntity}}, it is a [=human palatability|human-palatable=] identifier for a [=user account=]. This identifier is the primary value displayed to users by [=Clients=] to help users - understand with which [=user account=] a credential is associated. Examples of suitable - values for this identifier include, "alexm", "alex.mueller@example.com", or - "+14255551234". + understand with which [=user account=] a credential is associated. The [=[RP]=] MAY + extend the identifier to help a user differentiate between multiple credentials for + a single [=user account=] when the same value would otherwise be used for all + credentials. + + Examples of suitable values for this identifier include, "alex.mueller@example.com (Production)", "alexm", or "+14255551234". - The [=[RP]=] MAY let the user choose this value. The [=[RP]=] SHOULD perform enforcement, as prescribed in Section 3.4.3 of [[!RFC8265]] for the UsernameCasePreserved Profile of the PRECIS 
@@ -3257,13 +3260,10 @@ credential. : displayName :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for - display. [=Clients=] may display this value to help users differentiate between multiple - [=credentials=] with the same value of {{PublicKeyCredentialEntity/name}}. Examples of - suitable values for this identifier include, "Alex Müller" or "田中倫". - - The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary. + display. The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice + more than necessary. The [=[RP]=] MAY set this to the same value as {{PublicKeyCredentialEntity/name}}. - The [=[RP]=] MAY set this to the same value as {{PublicKeyCredentialEntity/name}}. + Examples of suitable values for this identifier include, "Alex Müller (ACME Co.)" or "田中倫". - [=[RPS]=] SHOULD perform enforcement, as prescribed in Section 2.3 of [[!RFC8266]] for the Nickname Profile of the PRECIS FreeformClass [[!RFC8264]], From 6b9a84020ce47408c3c85cc382b04eb000d9a67b Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Thu, 24 Aug 2023 15:35:33 -0700 Subject: [PATCH 08/10] Suggest empty string for displayName when needed --- index.bs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 725302b8d..1269022db 100644 --- a/index.bs +++ b/index.bs @@ -3261,7 +3261,8 @@ credential. : displayName :: A [=human palatability|human-palatable=] name for the [=user account=], intended only for display. The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice - more than necessary. The [=[RP]=] MAY set this to the same value as {{PublicKeyCredentialEntity/name}}. + more than necessary. If no suitable or [=human palatability|human-palatable=] name is + available, the [=[RP]=] SHOULD set this value to an empty string. Examples of suitable values for this identifier include, "Alex Müller (ACME Co.)" or "田中倫". 
From 7068cfa7dc9e83e846ada183517e0e1e9c2d2679 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Thu, 24 Aug 2023 15:46:09 -0700 Subject: [PATCH 09/10] Streamline user.name definition and add examples --- index.bs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/index.bs b/index.bs index 1269022db..bebb432a4 100644 --- a/index.bs +++ b/index.bs @@ -3186,12 +3186,11 @@ associated with or [=scoped=] to, respectively. - When inherited by {{PublicKeyCredentialUserEntity}}, it is a [=human palatability|human-palatable=] identifier for a [=user account=]. This identifier is the primary value displayed to users by [=Clients=] to help users - understand with which [=user account=] a credential is associated. The [=[RP]=] MAY - extend the identifier to help a user differentiate between multiple credentials for - a single [=user account=] when the same value would otherwise be used for all - credentials. + understand with which [=user account=] a credential is associated. - Examples of suitable values for this identifier include, "alex.mueller@example.com (Production)", "alexm", or "+14255551234". + Examples of suitable values for this identifier include, "alexm", "+14255551234", + "alex.mueller@example.com", "alex.mueller@example.com (prod-env)", + "alex.mueller@example.com (ACME Corp.)", or "alex.mueller@example.com (ОАО Примертех)". - The [=[RP]=] MAY let the user choose this value. The [=[RP]=] SHOULD perform enforcement, as prescribed in Section 3.4.3 of [[!RFC8265]] for the UsernameCasePreserved Profile of the PRECIS From aefe8f2d4ae2fe9020063618019742efe40c630f Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 6 Sep 2023 10:41:41 -0700 Subject: [PATCH 10/10] Tweak examples based on feedback --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index bebb432a4..9eb84eb4e 100644 --- a/index.bs +++ b/index.bs 
@@ -3190,7 +3190,7 @@ associated with or [=scoped=] to, respectively. Examples of suitable values for this identifier include, "alexm", "+14255551234", "alex.mueller@example.com", "alex.mueller@example.com (prod-env)", - "alex.mueller@example.com (ACME Corp.)", or "alex.mueller@example.com (ОАО Примертех)". + or "alex.mueller@example.com (ОАО Примертех)". - The [=[RP]=] MAY let the user choose this value. The [=[RP]=] SHOULD perform enforcement, as prescribed in Section 3.4.3 of [[!RFC8265]] for the UsernameCasePreserved Profile of the PRECIS @@ -3263,7 +3263,7 @@ credential. more than necessary. If no suitable or [=human palatability|human-palatable=] name is available, the [=[RP]=] SHOULD set this value to an empty string. - Examples of suitable values for this identifier include, "Alex Müller (ACME Co.)" or "田中倫". + Examples of suitable values for this identifier include, "Alex Müller", "Alex Müller (ACME Co.)" or "田中倫". - [=[RPS]=] SHOULD perform enforcement, as prescribed in Section 2.3 of [[!RFC8266]] for the Nickname Profile of the PRECIS FreeformClass [[!RFC8264]],
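Review bot: in [PATCH 01/10], hunk @@ -3184,8 +3184,8, the replacement text drops the statement that this member "is intended only for display", while the displayName definition touched later in the series keeps "intended only for display". If user.name is still meant to be display-only, keep that sentence next to the new "primary value displayed to users" wording; if the omission is deliberate, say so in the commit message. The added line also has a stray comma in `include, "alexm"`.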
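Review bot: in [PATCH 02/10], hunk @@ -3254,8 +3254,12, the added sentence uses a lowercase "may" ("[=Clients=] may display this value") in a definition that otherwise uses uppercase SHOULD and SHOULD NOT, so it is unclear whether this is a normative permission or a plain description. Pick one and write it accordingly. "sub-accounts" is also introduced without a definition link, unlike [=user account=] in the same sentence; either define it or reword the sentence in terms of [=user account=] and credentials.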
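Review bot: in [PATCH 03/10], hunk @@ -3257,9 +3257,12, the requirement changes from "The [=[RP]=] SHOULD let the user choose this" to "A [=[RP]=] MAY let the user specify this value", which weakens a normative keyword under a subject line that only mentions displayName being allowed to equal name. Split the SHOULD to MAY change into its own commit or call it out in the message so it gets reviewed as a normative change.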
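Review bot: in [PATCH 07/10], the first hunk (@@ -2784,7 +2784,7) removes and re-adds the "Upon invocation, the [=client=] employs a [=client platform=]-specific procedure ..." line with no visible difference, so it looks like a whitespace-only edit in an unrelated section. Drop it from this commit or move it to a separate cleanup commit so the diff for the name wording stays focused.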
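Review bot: in [PATCH 08/10], hunk @@ -3261,7 +3261,8, the new sentence tells the RP to set displayName to an empty string but does not say how that interacts with the context line just below, where RPs SHOULD perform enforcement per Section 2.3 of [[!RFC8266]] for the Nickname Profile. State whether an empty string is exempt from that enforcement or is expected to pass it. The hunk also removes "The [=[RP]=] MAY set this to the same value as {{PublicKeyCredentialEntity/name}}" without mentioning it in the subject; say whether reusing name is now discouraged in favour of the empty string.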
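Review bot: in [PATCH 09/10], hunk @@ -3186,12 +3186,11, the new examples "alex.mueller@example.com (prod-env)" and "alex.mueller@example.com (ОАО Примертех)" contain a space and parentheses, yet the next context line says the RP SHOULD perform enforcement per Section 3.4.3 of [[!RFC8265]] for the UsernameCasePreserved Profile. Please confirm these values survive that enforcement; if they do not, the examples contradict the SHOULD and one of the two needs to change. The hunk also deletes the sentence "The [=[RP]=] MAY extend the identifier ..." while keeping examples that show exactly such an extension, so the permission now exists only by implication; either keep a short normative sentence or explain the examples in a note.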
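Review bot: in [PATCH 10/10], the second hunk (@@ -3263,7 +3263,7) lists the displayName examples as `"Alex Müller", "Alex Müller (ACME Co.)" or "田中倫"` with no comma before "or", while the name examples in the first hunk of the same patch use one (`"... (prod-env)", or "..."`). Use the same list punctuation in both, and drop the comma after "include" in both sentences.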