New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Authenticator Definition #1195
Conversation
Is there an issue corresponding to this PR? |
Mostly #1175 - I wanted to draw more attention to the fact that the authenticator could be defined in either software or hardware |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Thanks for the edits! I think this is much more concise 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't feel strongly but I prefer the current wording.
The current definition doesn't mention that authenticators can be grounded in software, which I think is something important to denote. I think there is confusion currently around what an authenticator is, and this is a helpful point to make. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall this is a nicely done polishing, tho I'm hesitant to lose the notion of [=user verification=].
Current wording includes “or a software component of the [=client=]”. |
I believe the wording that @agl quotes does the trick. |
It isn't only "of the [=client=]" though, it could also be a component of the client device. |
s/ownership/possession/
@akshayku can you approve that the changes from your comments have been added? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see comment/suggestion below. thx.
index.bs
Outdated
cryptographically signing and returning, in the form of an [=Authentication Assertion=], | ||
a challenge and other data presented by a [=[WRP]=] (in concert with the [=[WAC]=]). | ||
:: A cryptographic entity, existing in hardware or software, that can [=registration|register=] a user with a given [=[RP]=] | ||
and later [=Authentication Assertion|assert possession=] of the registered [=public key credential=] when requested by the [=[RP]=]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we want to loose the notion of user verification:
suggest:
...assert possession=] of the registered [=public key credential=], and optionally [=user verification|verifying the user=], when requested by the [=[RP]=].
@nicksteele Please see @equalsJeffH comments, and update so we can merge this |
Changes have been made and are ready for review @equalsJeffH |
Preview | Diff