The "authenticator" concept in WebAuthn is an abstraction which includes but is not limited to FIDO2 authenticators, and I believe end users are not an intended audience for the spec. I'm not convinced this is an issue that warrants change to the spec.

Typoe FIDO authr. Or is the assumption that in future there might be non-fido authrs that this API will support?

Depends on what you mean by FIDO, I suppose (FIDO certified? Communicates over CTAP1/CTAP2/CTAP-N?) - but yes, WebAuthn is designed to work with any authenticator+client combination capable of satisfying the abstract interface. I don't know if Intel's U2F implementation counts as a "FIDO authenticator", for example - at least they make no effort to mention FIDO or U2F on that marketing page.

By FIDO I mean those which support FIDO protocols.

WebAuthn is designed to work with any authenticator+client combination capable of satisfying the abstract interface.

You mean any authenticator. The client is the webauthn.

Maybe we need definition for "WebAuthn authenticator" so people don't get confused.

By FIDO I mean those which support FIDO protocols.

In that case WebAuthn is definitely not limited to FIDO authenticators - pretty much every platform authenticator will be communicating with the client using something else than a FIDO protocol.

WebAuthn is designed to work with any authenticator+client combination capable of satisfying the abstract interface.

You mean any authenticator. The client is the webauthn.

I do mean authenticator+client combination. 🙂 For example, at this moment Chrome on Android is capable of using the security systems in Android as a WebAuthn authenticator but Firefox on Android is not.

Maybe we need definition for "WebAuthn authenticator" so people don't get confused.

Maybe - the current Authenticator could probably use a couple of examples. It's also lacking the alias "WebAuthn Authenticator" that we have for Client, Relying Party etc.

@emlun jup

associated PRs were merged, this issue now closed