From 443482ebdef447bd9fbeb8a5ce1b01d09feea0ac Mon Sep 17 00:00:00 2001 From: Vijay Bharadwaj Date: Tue, 13 Sep 2016 23:23:12 -0700 Subject: [PATCH 1/5] Allow caller to explicitly specify its claimed RP ID Alternative to #162 as suggested by @balfanz. This change also gets rid of references to PSL and eTLD+1, replacing them with references to the HTML specification instead. --- index.bs | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/index.bs b/index.bs index 9fbe8fb37..ee2ae9533 100644 --- a/index.bs +++ b/index.bs @@ -130,8 +130,8 @@ or a combination of both. This specification relies on several other underlying specifications. -: HTML5 -:: The concept of origin and the Navigator interface are defined in [[!HTML5]]. +: HTML 5.1 +:: The concept of origin and the Navigator interface are defined in [[!HTML51-20160621]]. : Web IDL :: Many of the interface definitions and all of the IDL in this specification depend on [[!WebIDL-1]]. This updated version of @@ -204,10 +204,6 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and :: A user agent implementing, in conjunction with the underlying platform, the Web Authentication API and algorithms given in this specification, and handling communication between Authenticators and [RPS]. -: eTLD+1 -:: Also known as a Registered Domain [[PSL]], an eTLD+1 is an effective Top-Level Domain Name (eTLD), plus the - next domain name label, proceeding from right to left. An eTLD is also known as a public suffix [[RFC7719]]. - : Registration :: The ceremony where a user, a [RP], and the user's computing device(s) (containing at least one authenticator) work in concert to create a scoped credential and associate it with the user's [RP] 
@@ -222,7 +218,8 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and : Relying Party Identifier : RP ID -:: A Relying Party Identifier is derived from a [RP]'s web origin's hostname by computing the hostname's eTLD+1. +:: A Relying Party Identifier defines the scope of a given credential, i.e. the set of web origins that the client will permit + to access that credential. It is derived from a [RP]'s web origin's hostname or directly specified by the [RP]. : Scoped Credential :: Generically, a credential is data one entity presents to another in order to authenticate the former's identity [[RFC4949]]. 
@@ -345,10 +342,13 @@ When this method is invoked, the user agent MUST execute the following algorithm 2. Let |promise| be a new Promise. Return |promise| and start a timer for |adjustedTimeout| seconds. Then asynchronously continue executing the following steps. -3. Set |callerOrigin| to the origin of the caller. Derive the RP ID from |callerOrigin| by computing the - "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "eTLD+1") - part of |callerOrigin| [[PSL]]. Let |rpId| be the lowercase form of this RP ID. Set |rpIdHash| to the SHA-256 hash of the - UTF-8 encoding of |rpId|. +3. Set |callerOrigin| to the origin of the caller. If {{CredentialOptions/rpId}} is not specified, then + set |rpId| to the Unicode serialization of |callerOrigin| as specified in [[!HTML51-20160621]] section 6.4. If + {{CredentialOptions/rpId}} is specified, then check if its value would be an acceptable setting for the current document's + `domain` by running the algorithm in [[!HTML51-20160621]] section 6.4.1 (but do not change the current document's `domain`). + If it is not permissible, reject |promise| with a DOMException whose name is "SecurityError", and terminate this + algorithm. If it is permissible, then set |rpId| to the Unicode serialization of {{CredentialOptions/rpId}}. Set |rpIdHash| + to the SHA-256 hash of the UTF-8 encoding of |rpId|. 4. Process each element of cryptoParameters using the following steps, to produce a new sequence `normalizedParameters`: - Let |current| be the currently selected element of cryptoParameters. 
@@ -421,10 +421,13 @@ When this method is invoked, the user agent MUST execute the following algorithm 2. Let |promise| be a new Promise. Return |promise| and start a timer for |adjustedTimeout| seconds. Then asynchronously continue executing the following steps. -3. Set |callerOrigin| to the origin of the caller. Derive the RP ID from |callerOrigin| by computing the - "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "eTLD+1") - part of |callerOrigin| [[PSL]]. Let |rpId| be the lowercase form of this RP ID. Set |rpIdHash| to the SHA-256 hash of the - UTF-8 encoding of |rpId|. +3. Set |callerOrigin| to the origin of the caller. If {{CredentialOptions/rpId}} is not specified, then + set |rpId| to the Unicode serialization of |callerOrigin| as specified in [[!HTML51-20160621]] section 6.4. If + {{CredentialOptions/rpId}} is specified, then check if its value would be an acceptable setting for the current document's + `domain` by running the algorithm in [[!HTML51-20160621]] section 6.4.1 (but do not change the current document's `domain`). + If it is not permissible, reject |promise| with a DOMException whose name is "SecurityError", and terminate this + algorithm. If it is permissible, then set |rpId| to the Unicode serialization of {{CredentialOptions/rpId}}. Set |rpIdHash| + to the SHA-256 hash of the UTF-8 encoding of |rpId|. 4. If {{AssertionOptions/extensions}} was specified, process any extensions supported by this client platform, to produce the extension data that needs to be sent to the authenticator. Call this data |clientExtensions|. @@ -553,6 +556,7 @@ authorizing an authenticator with which to complete the operation.
     dictionary CredentialOptions {
         unsigned long                       timeoutSeconds;
+        USVString                           rpId;
         sequence < CredentialDescription >  excludeList;
         WebAuthnExtensions                  extensions;
     };
@@ -564,6 +568,9 @@ authorizing an authenticator with which to complete the operation.
 
     - The timeoutSeconds parameter specifies a time, in seconds, that the caller is willing to wait for the call to
         complete. This is treated as a hint, and may be overridden by the platform.
+    
+    - The rpId parameter explicitly specifies the RP ID that the credential should be associated with. If it is
+        omitted, the RP ID will be set to the caller's origin.
 
     - The excludeList parameter is intended for use by [RPS] that wish to limit the creation of multiple
         credentials for the same account on a single authenticator. The platform is requested to return an error if the new
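Review bot: the new rpId bullet says what the default is but not what values the client accepts or what happens otherwise; step 3 rejects with a SecurityError when the supplied value fails the document.domain check, and that contract belongs in the parameter description as well. Suggest appending: "The value must be one the client would accept as a `document.domain` setting for the current document; otherwise the promise is rejected with a SecurityError." The added separator line `+    ` carries trailing spaces; make it an empty line.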
@@ -610,6 +617,7 @@ user consent to a specific transaction. The structure of these signatures is def
 
     dictionary AssertionOptions {
         unsigned long                      timeoutSeconds;
+        USVString                          rpId;
         sequence < CredentialDescription > allowList;
         WebAuthnExtensions                 extensions;
     };
@@ -620,6 +628,9 @@ user consent to a specific transaction. The structure of these signatures is def
 
     - The optional timeoutSeconds parameter specifies a time, in seconds, that the caller is willing to wait for the
         call to complete. This is treated as a hint, and may be overridden by the platform.
+        
+    - The optional rpId parameter specifies the rpId claimed by the caller. If it is omitted, it will be assumed to
+        be equal to the caller's origin.
 
     - The optional allowList member contains a list of credentials acceptable to the caller, in order of the caller's
         preference.
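Review bot: removing the eTLD+1 definition (hunk @@ -204,10 +204,6 @@) also removes the only place this document states the boundary on what an RP may claim; after this change the restriction lives entirely inside the HTML document.domain procedure that step 3 invokes. Suggest keeping a short non-normative sentence next to the RP ID definition saying that a caller can only claim an RP ID the referenced HTML algorithm would accept as a `document.domain` setting for its own document, and that anything else rejects with a SecurityError, so a reader of this spec sees the security boundary without following the HTML reference.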
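Review bot: in the makeCredential step 3 hunk (@@ -345,10 +342,13 @@) the two branches produce different kinds of value: when rpId is omitted, |rpId| is "the Unicode serialization of |callerOrigin|", which carries the scheme and port, while when rpId is given the document.domain check runs and |rpId| becomes the serialization of the supplied value, a bare host. The same site therefore gets two different |rpIdHash| values depending on whether it passed rpId, so a credential registered without rpId cannot later be used by a call that names the same host explicitly. Suggest defaulting |rpId| to the host of |callerOrigin| (the value the section 6.4.1 procedure would compute for the current host) so both branches hash the same string. Also, "section 6.4" and "section 6.4.1" of a dated snapshot are brittle anchors; cite the named algorithm instead.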
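Review bot: the getAssertion step 3 hunk (@@ -421,10 +421,13 @@) refers to {{CredentialOptions/rpId}} three times, but getAssertion takes AssertionOptions, which is the dictionary this patch adds `USVString rpId;` to in hunk @@ -610, and step 4 in the same hunk already uses {{AssertionOptions/extensions}}. Change these to {{AssertionOptions/rpId}}; as written the cross-reference links to the creation-time option and an implementer could read it as getAssertion honouring the credential-creation dictionary. Since the two step 3 texts are otherwise identical, consider factoring the RP ID derivation into one algorithm invoked by both methods so the copies cannot drift.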
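Review bot: in the AssertionOptions prose hunk (@@ -620,6 +628,9 @@), "the rpId claimed by the caller" should say "the RP ID claimed by the caller" (rpId is the member name, RP ID the defined term), and "it will be assumed to be equal to the caller's origin" reads as speculative where the algorithm actually sets it; mirror the makeCredential wording "will be set to". The description also omits the failure mode: per step 3 a value the client does not accept rejects the promise with a SecurityError, which is worth one sentence here. The added separator line `+        ` is whitespace-only; make it an empty line.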

From a9c6b38eaf4936c01981e4f7918a73542f833847 Mon Sep 17 00:00:00 2001
From: Vijay Bharadwaj 
Date: Fri, 16 Sep 2016 02:04:13 -0700
Subject: [PATCH 2/5] Remove rpId from ClientData

Since rpId is now equal to origin except when explicitly specified by
the caller, and it is folded into the authenticatorData, having it in
ClientData adds no value.

Fixes #189
---
 index.bs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/index.bs b/index.bs
index ee2ae9533..eed98117c 100644
--- a/index.bs
+++ b/index.bs
@@ -702,7 +702,6 @@ string-valued keys. Values may be any type that has a valid encoding in JSON. It
     dictionary ClientData {
         required DOMString           challenge;
         required DOMString           origin;
-        required DOMString           rpId;
         required AlgorithmIdentifier hashAlg;
         DOMString                    tokenBinding;
         WebAuthnExtensions           extensions;
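Review bot: with `required DOMString rpId;` removed, the RP no longer learns which RP ID the client actually used; it only gets rpIdHash inside the authenticator data, as the commit message notes. That is sound only if the RP-side verification procedure compares rpIdHash against the SHA-256 of the RP ID the RP expects, and this patch removes the field without adding that step. Suggest adding the rpIdHash check next to the challenge and origin verification steps, and making sure the hashing rule in step 3 names the encoding, since the RP has to reproduce the hash byte-for-byte.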
@@ -715,8 +714,6 @@ string-valued keys. Values may be any type that has a valid encoding in JSON. It
     The origin member contains the fully qualified web origin of the requester, as provided to the authenticator by
     the client, in the syntax defined by [[RFC6454]].
 
-    The rpId member contains the RP ID of the requester, as computed by the client.
-
     The hashAlg member specifies the hash algorithm used to compute clientDataHash (see
     [[#authenticator-signature]]). Use "S256" for SHA-256, "S384" for SHA384, "S512" for SHA512, and "SM3" for SM3 (see
     [[#iana-considerations]]). This algorithm is chosen by the client at its sole discretion.
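Review bot: after deleting the rpId paragraph, the ClientData description leaves no pointer to where the RP ID is conveyed. A single sentence noting that the RP ID is bound to the signature through rpIdHash in the authenticator data would save readers who look for it here, especially since the origin member that remains is not the same value.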

From 7943865cd0d71c329dbbc822e1e209e60364a397 Mon Sep 17 00:00:00 2001
From: Vijay Bharadwaj 
Date: Fri, 16 Sep 2016 15:28:35 -0700
Subject: [PATCH 3/5] Incorporate feedback from @equalsJeffH

---
 index.bs | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/index.bs b/index.bs
index eed98117c..b8b53e5a4 100644
--- a/index.bs
+++ b/index.bs
@@ -130,7 +130,7 @@ or a combination of both.
 
 This specification relies on several other underlying specifications.
 
-: HTML 5.1
+: HTML
 :: The concept of origin and the Navigator interface are defined in [[!HTML51-20160621]].
 
 : Web IDL
@@ -218,8 +218,8 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
 
 : Relying Party Identifier
 : RP ID
-:: A Relying Party Identifier defines the scope of a given credential, i.e. the set of web origins that the client will permit
-    to access that credential. It is derived from a [RP]'s web origin's hostname or directly specified by the [RP]. 
+:: A Relying Party Identifier defines the scope of a given credential, i.e. the set of origins that the client will permit to
+    access that credential. It is derived from a [RP]'s web origin's hostname or directly specified by the [RP]. 
 
 : Scoped Credential
 :: Generically, a credential is data one entity presents to another in order to authenticate the former's identity [[RFC4949]].
@@ -343,12 +343,11 @@ When this method is invoked, the user agent MUST execute the following algorithm
     Then asynchronously continue executing the following steps.
 
 3. Set |callerOrigin| to the origin of the caller. If {{CredentialOptions/rpId}} is not specified, then
-    set |rpId| to the Unicode serialization of |callerOrigin| as specified in [[!HTML51-20160621]] section 6.4. If
-    {{CredentialOptions/rpId}} is specified, then check if its value would be an acceptable setting for the current document's
-    `domain` by running the algorithm in [[!HTML51-20160621]] section 6.4.1 (but do not change the current document's `domain`).
-    If it is not permissible, reject |promise| with a DOMException whose name is "SecurityError", and terminate this
-    algorithm. If it is permissible, then set |rpId| to the Unicode serialization of {{CredentialOptions/rpId}}. Set |rpIdHash|
-    to the SHA-256 hash of the UTF-8 encoding of |rpId|.
+    set |rpId| to |callerOrigin|. If {{CredentialOptions/rpId}} is specified, then invoke the algorithm for relaxing the same-
+    origin restriction as specified in [[!HTML51-20160621]] section 6.4.1, using {{CredentialOptions/rpId}} as the given value
+    and without changing the current document's `domain`. If any errors are thrown, reject |promise| with a DOMException
+    whose name is "SecurityError", and terminate this algorithm. If no errors are thrown, set |rpId| to the value of `host` as
+    computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of |rpId|.
 
 4. Process each element of cryptoParameters using the following steps, to produce a new sequence `normalizedParameters`:
     - Let |current| be the currently selected element of cryptoParameters.
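Review bot: in the makeCredential step 3 hunk, `set |rpId| to |callerOrigin|` stores an origin (a scheme/host/port tuple) while the other branch stores the `host` computed by the document.domain procedure, so the two branches still yield different kinds of value for the same site; and the hash line now reads "SHA-256 hash of |rpId|" with the "UTF-8 encoding of" dropped, which leaves the bytes that go into rpIdHash unspecified. Suggest "set |rpId| to the host of |callerOrigin|" and keeping "SHA-256 hash of the UTF-8 encoding of |rpId|". Also "same-" at the end of one line and "origin restriction" at the start of the next will render as "same- origin"; keep the hyphenated word on one line.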
@@ -422,12 +421,11 @@ When this method is invoked, the user agent MUST execute the following algorithm
     Then asynchronously continue executing the following steps.
 
 3. Set |callerOrigin| to the origin of the caller. If {{CredentialOptions/rpId}} is not specified, then
-    set |rpId| to the Unicode serialization of |callerOrigin| as specified in [[!HTML51-20160621]] section 6.4. If
-    {{CredentialOptions/rpId}} is specified, then check if its value would be an acceptable setting for the current document's
-    `domain` by running the algorithm in [[!HTML51-20160621]] section 6.4.1 (but do not change the current document's `domain`).
-    If it is not permissible, reject |promise| with a DOMException whose name is "SecurityError", and terminate this
-    algorithm. If it is permissible, then set |rpId| to the Unicode serialization of {{CredentialOptions/rpId}}. Set |rpIdHash|
-    to the SHA-256 hash of the UTF-8 encoding of |rpId|.
+    set |rpId| to |callerOrigin|. If {{CredentialOptions/rpId}} is specified, then invoke the algorithm for relaxing the same-
+    origin restriction as specified in [[!HTML51-20160621]] section 6.4.1, using {{CredentialOptions/rpId}} as the given value
+    and without changing the current document's `domain`. If any errors are thrown, reject |promise| with a DOMException
+    whose name is "SecurityError", and terminate this algorithm. If no errors are thrown, set |rpId| to the value of `host` as
+    computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of |rpId|.
 
 4. If {{AssertionOptions/extensions}} was specified, process any extensions supported by this client platform, to produce the
     extension data that needs to be sent to the authenticator. Call this data |clientExtensions|.
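Review bot: the getAssertion step 3 hunk still references {{CredentialOptions/rpId}} (three occurrences) although the member used here lives in AssertionOptions, which step 4 of the same hunk references as {{AssertionOptions/extensions}}; change them to {{AssertionOptions/rpId}}. The "same-" / "origin restriction" line break and the dropped "UTF-8 encoding of" are carried over from the makeCredential hunk and need the same fix here.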

From f44ba9e2cf08fcafeeb71471ab01ccabb9abbd0d Mon Sep 17 00:00:00 2001
From: Vijay Bharadwaj 
Date: Fri, 23 Sep 2016 15:06:58 -0700
Subject: [PATCH 4/5] More feedback from @equalsJeffH

---
 index.bs | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/index.bs b/index.bs
index 4f1a34a4b..5b4f972c2 100644
--- a/index.bs
+++ b/index.bs
@@ -149,9 +149,8 @@ or a combination of both.
 This specification relies on several other underlying specifications.
 
 : HTML
-:: The concepts of current settings object, |given value|, opaque origin, origin, the
-    Navigator interface, and the relaxing the same-origin restriction "setting" algorithm are defined in
-    [[!HTML51]].
+:: The concepts of current settings object, origin, opaque origin,
+    relaxing the same-origin restriction, and the Navigator interface are defined in [[!HTML51]].
 
 : Web IDL
 :: Many of the interface definitions and all of the IDL in this specification depend on [[!WebIDL-1]]. This updated version of
@@ -243,19 +242,21 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
 
 : Relying Party Identifier
 : RP ID
-:: A Relying Party Identifier defines the scope of a given credential, i.e. the set of origins that the client will permit to
-    access that credential. It is derived from a [RP]'s origin's hostname or directly specified by the [RP]. 
+:: An identifier for the [RP] on whose behalf a given registration or authentication ceremony is being performed. Scoped
+    credentials can only be used for authentication by the same entity (as identified by RP ID) that created and registered
+    them. By default, the RP ID for a WebAuthn operation is set to the current settings object's
+    origin. This default can be overridden by the caller subject to certain restrictions, as specified in
+    [[#makeCredential]] and [[#getAssertion]].
 
 : Scoped Credential
 :: Generically, a credential is data one entity presents to another in order to authenticate the former's identity [[RFC4949]].
 	A WebAuthn scoped credential is a { identifier, type } pair identifying authentication
-	information established by the authenticator and the [RP], together, at registration time. 
-	The authentication information consists of an asymmetric key pair, where the public key portion is returned to the [RP]. who
-	stores it in conjunction with the present user's account.
-	The authenticator maps the private key to the [RP]'s RP ID and stores it. 
-	Subsequently, only that [RP], as identified by its RP ID, is able to employ the scoped credential in 
-	authentication ceremonies, via the getAssertion() method. 
-	The [RP] uses its copy of the stored public key to verify the resultant WebAuthn Assertion.
+	information established by the authenticator and the [RP], together, at registration time. The authentication
+    information consists of an asymmetric key pair, where the public key portion is returned to the [RP], which stores it in
+    conjunction with the present user's account. The authenticator maps the private key to the [RP]'s RP ID and stores
+    it. Subsequently, only that [RP], as identified by its RP ID, is able to employ the scoped credential in 
+	authentication ceremonies, via the getAssertion() method. The [RP] uses its copy of the stored public key to
+    verify the resultant WebAuthn Assertion.
 
 
 : User Consent
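Review bot: the rewritten Scoped Credential paragraph mixes indentation within the added lines: `+\tauthentication ceremonies, via the getAssertion() method.` uses a tab while the neighbouring added lines use four spaces, and the line ending in "employ the scoped credential in " carries trailing whitespace; normalise to one style. On the RP ID definition, "By default, the RP ID ... is set to the current settings object's origin" describes the default as an origin while the override path in step 3 yields a host; since the definition now says only "the same entity (as identified by RP ID)" may use the credential, state what kind of value an RP ID is so the default and the override are comparable.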
@@ -381,11 +382,12 @@ When this method is invoked, the user agent MUST execute the following algorithm
 3. Set |callerOrigin| to the current settings object's origin. If |callerOrigin| is an opaque
     origin, reject |promise| with a DOMException whose name is "NotAllowedError", and terminate this algorithm.
     Otherwise, if {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|. If
-    {{ScopedCredentialOptions/rpId}} is specified, then invoke the relaxing the same-origin restriction "setting"
-    algorithm, using {{ScopedCredentialOptions/rpId}} as the |given value| and without changing the current document's `domain`.
-    If any errors are thrown, reject |promise| with a DOMException whose name is "SecurityError", and terminate this
-    algorithm. If no errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the
-    SHA-256 hash of the UTF-8 encoding of |rpId|.
+    {{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for
+    relaxing the same-origin restriction by setting the `document.domain` attribute, using
+    {{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If any errors are
+    thrown, reject |promise| with a DOMException whose name is "SecurityError", and terminate this algorithm. If no
+    errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of the
+    UTF-8 encoding of |rpId|.
 
 4. Process each element of {{cryptoParameters}} using the following steps, to produce a new sequence |normalizedParameters|.
     - Let |current| be the currently selected element of {{cryptoParameters}}.
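Review bot: rejecting an opaque origin with NotAllowedError before any RP ID handling is the right ordering. Two points remain in this hunk: `set |rpId| to |callerOrigin|` still assigns an origin where the other branch assigns a host, and "the UTF-8 encoding of |rpId|" is only defined once |rpId| is a string, so say "the host of |callerOrigin|" (or a specific serialization) explicitly. Second, "invoke the procedure used for relaxing the same-origin restriction ... without changing the current document's `domain`" asks implementers to run a setter procedure minus its side effect; spell out which steps are run (the validation steps that may throw and the computation of `host`) so every client computes the same result.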
@@ -467,11 +469,12 @@ When this method is invoked, the user agent MUST execute the following algorithm
 3. Set |callerOrigin| to the current settings object's origin. If |callerOrigin| is an opaque
     origin, reject |promise| with a DOMException whose name is "NotAllowedError", and terminate this algorithm.
     Otherwise, if {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|. If
-    {{ScopedCredentialOptions/rpId}} is specified, then invoke the relaxing the same-origin restriction "setting"
-    algorithm, using {{ScopedCredentialOptions/rpId}} as the |given value| and without changing the current document's `domain`.
-    If any errors are thrown, reject |promise| with a DOMException whose name is "SecurityError", and terminate this
-    algorithm. If no errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the
-    SHA-256 hash of the UTF-8 encoding of |rpId|.
+    {{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for
+    relaxing the same-origin restriction by setting the `document.domain` attribute, using
+    {{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If any errors are
+    thrown, reject |promise| with a DOMException whose name is "SecurityError", and terminate this algorithm. If no
+    errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of the
+    UTF-8 encoding of |rpId|.
 
 4. If {{AssertionOptions/extensions}} was specified, process any extensions supported by this client platform, to produce the
     extension data that needs to be sent to the authenticator. If an error is encountered while processing an extension, skip
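Review bot: getAssertion step 3 still references {{ScopedCredentialOptions/rpId}} in three places; the dictionary for this method is AssertionOptions, which step 4 of the same hunk uses as {{AssertionOptions/extensions}}. Because ScopedCredentialOptions/rpId exists, Bikeshed will link silently to the wrong member rather than flag it, so this is easy to miss; change to {{AssertionOptions/rpId}}.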
@@ -616,7 +619,7 @@ authorizing an authenticator with which to complete the operation.
         complete. This is treated as a hint, and may be overridden by the platform.
     
     - The rpId parameter explicitly specifies the RP ID that the credential should be associated with. If it is
-        omitted, the RP ID will be set to the caller's origin.
+        omitted, the RP ID will be set to the current settings object's origin.
 
     - The excludeList parameter is intended for use by [RPS] that wish to limit the creation of multiple
         credentials for the same account on a single authenticator. The platform is requested to return an error if the new
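Review bot: the rpId description now names the right default, but it still does not say what values are accepted or that a rejected value fails the call; step 3 rejects with a SecurityError when the supplied value does not pass the document.domain relaxation check. Suggest adding: "The value must be acceptable as a `document.domain` setting for the current document; otherwise the promise is rejected with a SecurityError."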
@@ -677,7 +680,7 @@ user consent to a specific transaction. The structure of these signatures is def
         call to complete. This is treated as a hint, and may be overridden by the platform.
         
     - The optional rpId parameter specifies the rpId claimed by the caller. If it is omitted, it will be assumed to
-        be equal to the caller's origin.
+        be equal to the current settings object's origin.
 
     - The optional allowList member contains a list of credentials acceptable to the caller, in order of the caller's
         preference.
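Review bot: "the rpId claimed by the caller" should read "the RP ID claimed by the caller" (rpId is the member, RP ID the term), and "will be assumed to be equal to" should match the makeCredential bullet's "will be set to", since step 3 assigns it rather than assuming it. With the default now stated as "the current settings object's origin" in both dictionaries, the two bullets can share one sentence.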

From f03e4e54782e70b96cc71edc93d3ca52e3244982 Mon Sep 17 00:00:00 2001
From: Vijay Bharadwaj 
Date: Tue, 27 Sep 2016 23:34:10 -0700
Subject: [PATCH 5/5] Incorporate feedback from @equalsJeffH

Note this PR also fixes #178 by removing all use of the term lowercase
---
 index.bs | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/index.bs b/index.bs
index 5b4f972c2..d873b54a2 100644
--- a/index.bs
+++ b/index.bs
@@ -381,13 +381,14 @@ When this method is invoked, the user agent MUST execute the following algorithm
 
 3. Set |callerOrigin| to the current settings object's origin. If |callerOrigin| is an opaque
     origin, reject |promise| with a DOMException whose name is "NotAllowedError", and terminate this algorithm.
-    Otherwise, if {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|. If
-    {{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for
-    relaxing the same-origin restriction by setting the `document.domain` attribute, using
-    {{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If any errors are
-    thrown, reject |promise| with a DOMException whose name is "SecurityError", and terminate this algorithm. If no
-    errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of the
-    UTF-8 encoding of |rpId|.
+    Otherwise,
+    - If {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|, and |rpIdHash| to the SHA-256
+        hash of |rpId|.
+    - If {{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for relaxing the same-origin
+        restriction by setting the `document.domain` attribute, using {{ScopedCredentialOptions/rpId}} as the given value
+        but without changing the current document's `domain`. If no errors are thrown, set |rpId| to the value of `host` as
+        computed by this procedure, and |rpIdHash| to the SHA-256 hash of |rpId|. Otherwise, reject |promise| with a
+        DOMException whose name is "SecurityError", and terminate this algorithm.
 
 4. Process each element of {{cryptoParameters}} using the following steps, to produce a new sequence |normalizedParameters|.
     - Let |current| be the currently selected element of {{cryptoParameters}}.
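Review bot: the two-bullet restructuring of step 3 is clearer, but the hash input regressed: both bullets now say "SHA-256 hash of |rpId|" where the previous revision said "SHA-256 hash of the UTF-8 encoding of |rpId|". rpIdHash must match byte-for-byte between the client that computes it and the RP that verifies it, so the encoding has to be normative. The first bullet also still hashes |callerOrigin| (an origin, with scheme and port) while the second hashes a bare `host`, so the same site gets two different rpIdHash values depending on whether it passed rpId. Suggest "set |rpId| to the host of |callerOrigin|" in the first bullet and restoring "the UTF-8 encoding of" in both.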
@@ -468,13 +469,14 @@ When this method is invoked, the user agent MUST execute the following algorithm
 
 3. Set |callerOrigin| to the current settings object's origin. If |callerOrigin| is an opaque
     origin, reject |promise| with a DOMException whose name is "NotAllowedError", and terminate this algorithm.
-    Otherwise, if {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|. If
-    {{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for
-    relaxing the same-origin restriction by setting the `document.domain` attribute, using
-    {{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If any errors are
-    thrown, reject |promise| with a DOMException whose name is "SecurityError", and terminate this algorithm. If no
-    errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of the
-    UTF-8 encoding of |rpId|.
+    Otherwise,
+    - If {{AssertionOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|, and |rpIdHash| to the SHA-256
+        hash of |rpId|.
+    - If {{AssertionOptions/rpId}} is specified, then invoke the procedure used for relaxing the same-origin restriction
+        by setting the `document.domain` attribute, using {{AssertionOptions/rpId}} as the given value but without changing the
+        current document's `domain`. If no errors are thrown, set |rpId| to the value of `host` as computed by this procedure,
+        and |rpIdHash| to the SHA-256 hash of |rpId|. Otherwise, reject |promise| with a DOMException whose name is
+        "SecurityError", and terminate this algorithm.
 
 4. If {{AssertionOptions/extensions}} was specified, process any extensions supported by this client platform, to produce the
     extension data that needs to be sent to the authenticator. If an error is encountered while processing an extension, skip
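Review bot: the cross-reference is now correctly {{AssertionOptions/rpId}}, which resolves the copy-paste from the earlier revisions. What remains is the same pair of issues as in the makeCredential hunk: "SHA-256 hash of |rpId|" no longer names the encoding, and the first bullet's |rpId| is an origin while the second's is a host. Since the two step 3 texts are now identical apart from the dictionary name, define one "determine the RP ID" algorithm and invoke it from both methods so the next fix only has to land once.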
@@ -1288,7 +1290,7 @@ Upon receiving an attestation statement in the form of a {{WebAuthnAttestation}}
 
 2. Verify that the {{ClientData/challenge}} in the {{ClientData}} matches the challenge that was sent to the authenticator.
 
-3. Verify that the {{ClientData/origin}} in the {{ClientData}} matches the origin used by the RP.
+3. Verify that the {{ClientData/origin}} in the {{ClientData}} matches the [RP]'s origin.
 
 4. Verify that the {{ClientData/tokenBinding}} in the {{ClientData}} matches the token binding public key for the TLS connection
     over which the attestation was obtained.
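Review bot: "matches the [RP]'s origin" assumes a single origin, but the point of letting the caller claim an RP ID is that one RP can span several origins under one RP ID (the earlier definition in this series describes the RP ID as the set of origins the client permits to access the credential). Suggest "matches an origin the RP expects for this RP ID". Also add a sibling step that verifies the rpIdHash in the authenticator data equals the SHA-256 of the RP ID the RP expects: rpId was removed from ClientData earlier in this series, and the origin check alone does not prove which RP ID the client actually used.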