attestation statement definition

w3c · Oct 31, 2016 · 2760188 · 2760188
1 parent cfbde5f
commit 2760188
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/index.bs b/index.bs
@@ -193,14 +193,15 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
 :: See <a>WebAuthn Assertion</a>.
 
 : <dfn>Attestation</dfn>
+: <dfn>Attestation Statement</dfn>
 :: Generally, a statement that serves to bear witness, confirm, or authenticate.
-    In the WebAuthn context, attestation is employed to attest to the provenance of an authenticator and the data it emits;
-    including, for example: credential IDs, public keys, signature counters, etc.
-    See also <a>attestation format</a>, and <a>attestation type</a>.
+    In the WebAuthn context, a digitally signed <a>attestation statement</a> is employed to attest to the provenance of an
+    authenticator and the data it emits; including, for example: credential IDs, public keys, signature counters, etc. See
+    also <a>attestation format</a>, and <a>attestation type</a>.
 
 : <dfn>Attestation Certificate</dfn>
-:: A X.509 Certificate for a key pair used by an <a>Authenticator</a> to attest to its manufacture and capabilities. The
-    <a>Authenticator</a> uses the attestation private key to sign the <a>[RP]</a>-specific public key (and additional data) it
+:: A X.509 Certificate for a key pair used by an <a>Authenticator</a> to attest to its manufacture and capabilities. An
+    <a>authenticator</a> uses its attestation private key to sign the <a>[RP]</a>-specific public key (and additional data) it
     generates and returns upon invocation via the <a>authenticatorMakeCredential</a> operation.
 
 : <dfn>Authentication</dfn>
@@ -1172,7 +1173,7 @@ MUST return <a>clientDataJSON</a>, <a>authenticatorData</a> and the signature to
 
 ## Credential Attestation Statements ## {#cred-attestation-stmts}
 
-An attestation statement is a specific type of signed data object, containing statements about a credential itself and the
+An <a>attestation statement</a> is a digitally signed data object containing statements about a credential itself and the
 authenticator that created it. It is created using the process described in [[#signature-format]], with the important difference
 that the signature is generated not using the private key associated with the credential but using the key of the attesting
 authority. In order to correctly interpret an attestation statement, a [RP] needs to understand two aspects of the attestation: