Rename 'makeCredential()' to 'create()'.
mikewest committed Mar 16, 2017
1 parent 394babd commit 46eff1a
Showing 1 changed file with 22 additions and 22 deletions.
44 changes: 22 additions & 22 deletions index.bs
Expand Up @@ -92,7 +92,7 @@ is [=Registration=], where a [=scoped credential=] is created on an [=authentica
with the present user's account (the account may already exist or may be created at this time). The second is
[=Authentication=], where the [=[RP]=] is presented with an <em>[=Authentication Assertion=]</em> proving the presence
and consent of the user who registered the [=scoped credential=]. Functionally, the [=Web Authentication API=] comprises
two methods (along with associated data structures): {{makeCredential()}} and {{getAssertion()}}. The former is used
two methods (along with associated data structures): {{create()}} and {{getAssertion()}}. The former is used
during [=Registration=] and the latter during [=Authentication=].

Broadly, compliant [=authenticators=] protect [=scoped credentials=], and interact with user agents to implement the
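
Review bot: The bare `{{create()}}` autolink in "two methods (along with associated data structures): {{create()}} and {{getAssertion()}}" is a far more generic name than `{{makeCredential()}}` was, and a later hunk in this same patch writes the link as `{{ScopedCredential/create()}}` next to `{{WebAuthentication/getAssertion()}}`. Suggest using the qualified `{{ScopedCredential/create()}}` form here and in the other bare references, so the link target is unambiguous and the reader can see that the two methods sit on different interfaces.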
Expand Down Expand Up @@ -287,7 +287,7 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
credentials can only be used for authentication by the same entity (as identified by RP ID) that created and registered
them. By default, the RP ID for a WebAuthn operation is set to the [=origin=] specified by the {{WebAuthentication}}
object's [=relevant settings object=]. This default can be overridden by the caller subject to certain restrictions, as
specified in [[#makeCredential]] and [[#getAssertion]].
specified in [[#createCredential]] and [[#getAssertion]].

: <dfn>Scoped Credential</dfn>
:: Generically, a credential is data one entity presents to another in order to authenticate the former's identity [[RFC4949]].
Expand Down Expand Up @@ -382,9 +382,9 @@ The Web Authentication API is defined by the union of the Web IDL fragments pres
This interface has two methods, which are described in the following subsections.


### Create a new credential - makeCredential() method ### {#makeCredential}
### Create a new credential - ScopedCredential::create() method ### {#createCredential}

<div link-for-hint="ScopedCredential/makeCredential(accountInformation, cryptoParameters, attestationChallenge, options)">
<div link-for-hint="ScopedCredential/create(accountInformation, cryptoParameters, attestationChallenge, options)">
With this method, a script can request the User Agent to create a new credential of a given type and persist it to the
underlying platform, which may involve data storage managed by the browser or the OS. The user agent will prompt the user to
approve this operation. On success, the promise will be resolved with a {{ScopedCredential}} which contains an
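
Review bot: The heading ID changes from `{#makeCredential}` to `{#createCredential}`, which breaks any inbound link that targets the `#makeCredential` fragment. If that matters for the published draft, keep the old ID available as an extra anchor on this section. The heading also now names the interface (`ScopedCredential::create()`), so it is worth checking that the context line above it, "This interface has two methods", still reads correctly.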
Expand All @@ -393,7 +393,7 @@ approve this operation. On success, the promise will be resolved with a {{Scoped
<div class="note">
This method takes the following parameters:

<ul dfn-type="argument" dfn-for="ScopedCredential/makeCredential(accountInformation, cryptoParameters, attestationChallenge, options)">
<ul dfn-type="argument" dfn-for="ScopedCredential/create(accountInformation, cryptoParameters, attestationChallenge, options)">
- The <dfn>accountInformation</dfn> parameter specifies information about the user account for which the credential is being
created. This is meant for later use by the authenticator when it needs to prompt the user to select a credential. An
authenticator is only required to store one credential for any given value of {{accountInformation}}. Specifically, if an
Expand Down Expand Up @@ -851,7 +851,7 @@ evidence of user consent to a specific transaction. The structure of these signa
[[#extensions]].

- The <dfn>attachment</dfn> parameter contains authenticator attachment descriptions, which are used as an additional
constraint on which authenticators are eligible to participate in a [[#makeCredential]] or [[#getAssertion]] operation.
constraint on which authenticators are eligible to participate in a [[#createCredential]] or [[#getAssertion]] operation.
See [[#attachment]] for a description of the attachment values and their meanings.

</div>
Expand Down Expand Up @@ -1011,7 +1011,7 @@ are returned to the caller when a new credential is created, or a new assertion
readonly attribute ArrayBuffer rawID;
readonly attribute AuthenticatorResponse response;

static Promise<ScopedCredential> makeCredential(
static Promise<ScopedCredential> create(
Account accountInformation,
sequence<ScopedCredentialParameters> cryptoParameters,
BufferSource attestationChallenge,
Expand All @@ -1029,7 +1029,7 @@ are returned to the caller when a new credential is created, or a new assertion

: <dfn>response</dfn>
:: This attribute contains the [=authenticator=]'s response to the client's assertion or attestation request. If the
{{ScopedCredential}} is created in response to {{ScopedCredential/makeCredential()}}, this attribute's
{{ScopedCredential}} is created in response to {{ScopedCredential/create()}}, this attribute's
value will be an {{AuthenticatorAttestationResponse}}, otherwise, the {{ScopedCredential}} was created in response to
{{WebAuthentication/getAssertion()}}, and this attribute's value will be an {{AuthenticatorAssertionResponse}}.

Expand All @@ -1046,11 +1046,11 @@ are returned to the caller when a new credential is created, or a new assertion
an authenticator without on-board storage may create identifiers that consist of the key material wrapped with a key
that is burned into the authenticator.

: <dfn method>makeCredential(accountInformation, cryptoParameters, attestationChallenge, options)</dfn>
: <dfn method>create(accountInformation, cryptoParameters, attestationChallenge, options)</dfn>
:: This methid allows a developer to request the User Agent to create a new credential, and persist it to the underlying
platform, which may involve data storage managed by the browser or the OS. The user agent will prompt the user to
approve this operation. On success, the promise will be resolved with a {{ScopedCredential}} which contains an
{{AuthenticatorAttestationResponse}} object. Implementation details are found in [#makeCredential].
{{AuthenticatorAttestationResponse}} object. Implementation details are found in [#createCredential].
</dl>


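Review bot: The updated cross-reference at the end of the `create(...)` definition is written `[#createCredential]` with single brackets, while the other hunks in this patch use `[[#createCredential]]`. As written it will come out as literal text rather than a section link; suggest `[[#createCredential]]`. Since this definition is being touched anyway, the context line "This methid allows a developer" has a typo ("method").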
Expand All @@ -1065,7 +1065,7 @@ are returned to the caller when a new credential is created, or a new assertion
</xmp>

This dictionary contains the attributes that are specified by a caller when referring to a credential as an input parameter to
the {{makeCredential()}} or {{getAssertion()}} method. It mirrors the fields of the {{ScopedCredential}} object returned by
the {{create()}} or {{getAssertion()}} method. It mirrors the fields of the {{ScopedCredential}} object returned by
these methods.

<div dfn-type="dict-member" dfn-for="ScopedCredentialDescriptor">
Expand Down Expand Up @@ -1631,7 +1631,7 @@ should be specified in the attestation certificate itself, so that it can be ver

# [RP] Operations # {#rp-operations}

Upon successful execution of a {{makeCredential()}} or {{getAssertion()}} call, the [RP]'s script receives a
Upon successful execution of a {{create()}} or {{getAssertion()}} call, the [RP]'s script receives a
{{AuthenticatorAttestationResponse}} or {{AuthenticatorAssertionResponse}} structure respectively from the client. It must then deliver the
contents of this structure to the [=[RP]=], using methods outside the scope of this specification. This section describes the
operations that the [RP] must perform upon receipt of these structures.
Expand All @@ -1646,7 +1646,7 @@ ceremony, a [RP] MUST proceed as follows:
extract the [=client data=] |C| claimed to have been used for the credential's attestation.

2. Verify that the {{ClientData/challenge}} in |C| matches the challenge that was sent to the authenticator in the
{{makeCredential()}} call.
{{create()}} call.

3. Verify that the {{ClientData/origin}} in |C| matches the [RP]'s origin.

Expand Down Expand Up @@ -1684,8 +1684,8 @@ ceremony, a [RP] MUST proceed as follows:

13. If the attestation statement |attStmt| verified successfully and is found to be trustworthy, then register the new
credential with the account that was denoted in the
{{ScopedCredential/makeCredential(accountInformation, cryptoParameters, attestationChallenge, options)/accountInformation}}
passed to {{makeCredential()}}, by associating it with the credential ID and credential public key contained in |authData|'s
{{ScopedCredential/create(accountInformation, cryptoParameters, attestationChallenge, options)/accountInformation}}
passed to {{create()}}, by associating it with the credential ID and credential public key contained in |authData|'s
[=attestation data=], as appropriate for the [RP]'s systems.

14. If the attestation statement |attStmt| successfully verified but is not trustworthy per step 12 above, the [RP] SHOULD fail
Expand Down Expand Up @@ -2204,7 +2204,7 @@ The mechanism for generating scoped credentials, as well as requesting and gener
[[#api]], can be extended to suit particular use cases. Each case is addressed by defining a registration extension and/or
an authentication extension. Extensions can define additions to the following steps and data:

- {{makeCredential()}} request parameters for registration extension.
- {{create()}} request parameters for registration extension.

- {{getAssertion()}} request parameters for authentication extensions.

Expand All @@ -2214,7 +2214,7 @@ an authentication extension. Extensions can define additions to the following st

When requesting an assertion for a scoped credential, a [RP] can list a set of extensions to be used, if they are supported by
the client and/or the authenticator. It sends the client arguments for each extension in the {{getAssertion()}} call (for
authentication extensions) or {{makeCredential()}} call (for registration extensions) to the client platform. The client
authentication extensions) or {{create()}} call (for registration extensions) to the client platform. The client
platform performs additional processing for each extension that it supports, and augments the [=client data=] as required by the
extension. In addition, the client collects the authenticator arguments for the above extensions, and passes them to the
authenticator in the [=authenticatorMakeCredential=] call (for registration extensions) or [=authenticatorGetAssertion=]
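
Review bot: After the rename this paragraph pairs `{{create()}}` with `[=authenticatorMakeCredential=]` for registration extensions, so the API-level and authenticator-level names no longer line up. If the authenticator operation is meant to keep its name, say so in the commit message or add a short clause here tying `{{create()}}` to `[=authenticatorMakeCredential=]`; otherwise a follow-up rename would keep the two layers consistent.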
Expand Down Expand Up @@ -2263,7 +2263,7 @@ Identifiers.
## Defining extensions ## {#extension-specification}

A definition of an extension must specify, at minimum, an extension identifier and an extension client argument sent via the
{{getAssertion()}} or {{makeCredential()}} call. Additionally, extensions may specify additional values in the [=client data=],
{{getAssertion()}} or {{create()}} call. Additionally, extensions may specify additional values in the [=client data=],
[=authenticator data=] (in the case of authentication extensions), or both. Finally, if the extension requires any
authenticator processing, it must also specify an authenticator argument to be sent via the [=authenticatorGetAssertion=] or
[=authenticatorMakeCredential=] call.
Expand All @@ -2277,11 +2277,11 @@ authenticator.
## Extending request parameters ## {#extension-request-parameters}

An extension defines up to two request arguments. The <dfn>client argument</dfn> is passed from the [=[RP]=] to the client
in the {{getAssertion()}} or {{makeCredential()}} call, while the <dfn>authenticator argument</dfn> is passed from the client
in the {{getAssertion()}} or {{create()}} call, while the <dfn>authenticator argument</dfn> is passed from the client
to the authenticator during the processing of these calls.

A [RP] simultaneously requests the use of an extension and sets its client argument by including an entry in the
{{ScopedCredentialOptions/extensions}} option to the {{makeCredential()}} or {{getAssertion()}} call. The entry key MUST be the
{{ScopedCredentialOptions/extensions}} option to the {{create()}} or {{getAssertion()}} call. The entry key MUST be the
extension identifier, and the value MUST be the [=client argument=].

<pre class="example" highlight="js">
Expand Down Expand Up @@ -2502,7 +2502,7 @@ credential. It is intended primarily for [RPS] that wish to tightly control the
</pre>

: Client processing
:: This extension can only be used during {{makeCredential()}}. If the client supports the Authenticator Selection Extension, it
:: This extension can only be used during {{create()}}. If the client supports the Authenticator Selection Extension, it
MUST use the first available authenticator whose AAGUID is present in the {{AuthenticatorSelectionList}}. If none of
the available authenticators match a provided AAGUID, the client MUST select an authenticator from among the available
authenticators to generate the credential.
Expand Down Expand Up @@ -2781,7 +2781,7 @@ The sample code for generating and registering a new key follows:
};

// Note: The following call will cause the authenticator to display UI.
ScopedCredential.makeCredential(userAccountInformation, cryptoParams, challenge, options)
ScopedCredential.create(userAccountInformation, cryptoParams, challenge, options)
.then(function (newCredentialInfo) {
// Send new credential info to server for verification and registration.
}).catch(function (err) {