Clarify How Client Data is Sent to Authenticator (#1443)

* Clarify How Client Data is Sent to Authenticator In #1442 some questions were brought up about the format in which the client data is sent to the authenticator, hopefully this will clarify it somewhat? * Fix linking error Co-authored-by: Emil Lundberg <emil@yubico.com> * Update with Jeff's suggestions Co-authored-by: =JeffH <jdhodges@google.com> * Update 5.1.3 and 5.1.4 with proper references * editorial: add code tag Co-authored-by: Emil Lundberg <emil@yubico.com> * editorial: add code tag Co-authored-by: Emil Lundberg <emil@yubico.com> Co-authored-by: Emil Lundberg <emil@yubico.com> Co-authored-by: =JeffH <jdhodges@google.com>
w3c · Jun 29, 2020 · 7d6abe2 · 7d6abe2
1 parent b0e0fc3
commit 7d6abe2
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/index.bs b/index.bs
@@ -1807,7 +1807,7 @@ a numbered step. If outdented, it (today) is rendered either as a bullet in the
                 ::  whose value is an {{AuthenticationExtensionsClientOutputs}} object containing [=extension identifier=] →
                     [=client extension output=] entries. The entries are created by running each extension's
                     [=client extension processing=] algorithm to create the [=client extension outputs=], for each
-                    [=client extension=] in <code>{{AuthenticatorResponse/clientDataJSON}}.clientExtensions</code>.
+                    [=client extension=] in <code>|options|.{{PublicKeyCredentialCreationOptions/extensions}}</code>.
 
 
             1.  Let |constructCredentialAlg| be an algorithm that takes a [=global object=]
@@ -2201,7 +2201,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
                 ::  whose value is an {{AuthenticationExtensionsClientOutputs}} object containing [=extension identifier=] →
                     [=client extension output=] entries. The entries are created by running each extension's
                     [=client extension processing=] algorithm to create the [=client extension outputs=], for each
-                    [=client extension=] in <code>{{AuthenticatorResponse/clientDataJSON}}.clientExtensions</code>.
+                    [=client extension=] in <code>|options|.{{PublicKeyCredentialRequestOptions/extensions}}</code>.
 
             1.  Let |constructAssertionAlg| be an algorithm that takes a [=global object=]
                 |global|, and whose steps are:
@@ -2329,8 +2329,9 @@ Note: Invoking this method from a [=browsing context=] where the [=Web Authentic
 </xmp>
 <div dfn-type="attribute" dfn-for="AuthenticatorResponse">
     :   <dfn>clientDataJSON</dfn>
-    ::  This attribute contains a [[#clientdatajson-serialization|JSON-compatible serialization]] of the [=client data=] passed to the
-        authenticator by the client in its call to either {{CredentialsContainer/create()}} or {{CredentialsContainer/get()}}.
+    ::  This attribute contains a [[#clientdatajson-serialization|JSON-compatible serialization]] of the [=client data=], the [=hash of the serialized client data|hash of which=] is passed to the
+        authenticator by the client in its call to either {{CredentialsContainer/create()}} or {{CredentialsContainer/get()}} (i.e., the 
+        [=client data=] itself is not sent to the authenticator).
 </div>
 
 ### Information About Public Key Credential (interface <dfn interface>AuthenticatorAttestationResponse</dfn>) ### {#iface-authenticatorattestationresponse}