Initial effort to allow credProps use during auth

w3c · Oct 12, 2023 · 76e88e1 · 76e88e1
1 parent 28d90b2
commit 76e88e1
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/index.bs b/index.bs
@@ -6371,7 +6371,7 @@ The "compound" attestation statement format is used to pass multiple, self-conta
 
     2. If sufficiently many (as determined by [=[RP]=] policy) [=list/items=] of |attStmt| verify successfully,
         return implementation-specific values representing any combination of outputs from successful [=verification procedures=].
-        
+
 
 # <dfn>WebAuthn Extensions</dfn> # {#sctn-extensions}
 
@@ -6777,13 +6777,13 @@ During a transition from the FIDO U2F JavaScript API, a [=[RP]=] may have a popu
 
 ### Credential Properties Extension (<dfn>credProps</dfn>) ### {#sctn-authenticator-credential-properties-extension}
 
-This [=client extension|client=] [=registration extension=] facilitates reporting certain [=credential properties=] known by the [=client=] to the requesting [=[WRP]=] upon creation of a [=public key credential source=] as a result of a [=registration ceremony=].
+This [=client extension|client=] [=registration extension=] and [=authentication extension=] facilitates reporting certain [=credential properties=] known by the [=client=] to the requesting [=[WRP]=] upon creation or use of a [=public key credential source=].
 
 : Extension identifier
 :: `credProps`
 
 : Operation applicability
-:: [=registration extension|Registration=]
+:: [=registration extension|Registration=] and [=authentication extension|authentication=]
 
 : Client extension input
 :: The Boolean value [TRUE] to indicate that this extension is requested by the [=[RP]=].
@@ -6797,9 +6797,7 @@ This [=client extension|client=] [=registration extension=] facilitates reportin
 ::  None, other than to report on credential properties in the output.
 
 : Client extension output
-:: [=map/Set=] <code>[=credentialCreationData/clientExtensionResults=]["{{AuthenticationExtensionsClientOutputs/credProps}}"]["rk"]</code> to the value of the |requireResidentKey| parameter that was used in the <a href='#CreateCred-InvokeAuthnrMakeCred'>invocation</a> of the [=authenticatorMakeCredential=] operation.
-
-    <xmp class="idl">
+::  <xmp class="idl">
     dictionary CredentialPropertiesOutput {
         boolean rk;
         USVString authenticatorDisplayName;
@@ -6826,8 +6824,8 @@ This [=client extension|client=] [=registration extension=] facilitates reportin
         ::  This OPTIONAL property is a [=human palatability|human-palatable=] description of the credential's [=managing authenticator=],
             chosen by the user.
 
-            The [=client=] MUST allow the user to choose this value,
-            MAY or MAY not present that choice during [=registration ceremonies=],
+            During [=registration ceremonies=] the [=client=] MUST allow the user to choose this value,
+            MAY or MAY not present that choice,
             and MAY reuse the same value for multiple credentials with the same [=managing authenticator=] across multiple [=[RPS]=].
 
             The [=client=] MAY query the [=authenticator=], by some unspecified mechanism, for this value.