Commit
Address some review comments
emlun committed Jul 16, 2018
1 parent 2804949 commit 9ee3253
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions index.bs
Expand Up @@ -690,7 +690,7 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S

This section normatively specifies the API for creating and using [=public key credentials=]. The basic
idea is that the credentials belong to the user and are managed by an authenticator, with which the [=[WRP]=] interacts through the
[=client platform=]. Scripts can (with the [=user consent|user's consent=]) request the
[=client platform=]. [=[RP]=] scripts can (with the [=user consent|user's consent=]) request the
browser to create a new credential for future use by the [=[RP]=]. Scripts can also request the user’s permission to perform
authentication operations with an existing credential. All such operations are performed in the authenticator and are mediated by
the [=client platform=] on the user's behalf. At no point does the script get access to the credentials themselves; it only
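
Review bot: Only the first "Scripts can" sentence gains the [=[RP]=] qualifier; the following sentence still begins "Scripts can also request" and the last one refers to "the script", so the paragraph now mixes qualified and unqualified subjects. Either qualify the second occurrence too, or introduce "[=[RP]=] scripts" once and refer to "such scripts" afterwards. The same paragraph also uses [=[WRP]=] two lines earlier and says "the browser" right after the changed line where the surrounding text says [=client platform=]; worth aligning while this passage is being touched.
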
Expand Down Expand Up @@ -959,8 +959,8 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o

1. Let |issuedRequests| be a new [=ordered set=].

1. Let |authenticators| represent a value which at any given instant is a [=set=] of [=client device=]-specific handles, where each
[=set/item=] identifies an [=authenticator=] presently available on this [=client device=] at that instant.
1. Let |authenticators| represent a value which at any given instant is a [=set=] of [=client platform=]-specific handles, where each
[=set/item=] identifies an [=authenticator=] presently available on this [=client platform=] at that instant.

Note: What qualifies an [=authenticator=] as "available" is intentionally unspecified; this is meant to represent how
[=authenticators=] can be <a href="https://en.wikipedia.org/w/index.php?title=Hot_plug">hot-plugged</a> into (e.g., via USB)
Expand Down Expand Up @@ -1295,8 +1295,8 @@ When this method is invoked, the user agent MUST execute the following algorithm

1. Let |savedCredentialIds| be a new [=map=].

1. Let |authenticators| represent a value which at any given instant is a [=set=] of [=client device=]-specific handles, where each
[=set/item=] identifies an [=authenticator=] presently available on this [=client device=] at that instant.
1. Let |authenticators| represent a value which at any given instant is a [=set=] of [=client platform=]-specific handles, where each
[=set/item=] identifies an [=authenticator=] presently available on this [=client platform=] at that instant.

Note: What qualifies an [=authenticator=] as "available" is intentionally unspecified; this is meant to represent how
[=authenticators=] can be <a href="https://en.wikipedia.org/w/index.php?title=Hot_plug">hot-plugged</a> into (e.g., via USB)
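
Review bot: The |authenticators| step changed here is word-for-word the same as the one changed in the hunk at line 959, and both needed the identical [=client device=] to [=client platform=] edit. Consider defining this wording once and referencing it from both algorithms, so that a later terminology change cannot leave the two copies out of sync.
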
Expand Down Expand Up @@ -1358,7 +1358,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
: [=list/is not empty=]
:: 1. Let |allowCredentialDescriptorList| be a new [=list=].

1. Execute a [=client device=]-specific procedure to determine which, if any, [=public key credentials=] described by
1. Execute a [=client platform=]-specific procedure to determine which, if any, [=public key credentials=] described by
<code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> are bound to this
|authenticator|, by matching with |rpId|,
<code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}.{{PublicKeyCredentialDescriptor/id}}</code>,
Expand Down Expand Up @@ -1550,7 +1550,7 @@ This [=internal method=] accepts no arguments.
<div link-for-hint="WebAuthentication/isUserVerifyingPlatformAuthenticatorAvailable">

[=[WRPS]=] use this method to determine whether they can create a new credential using a [=user-verifying platform authenticator=].
Upon invocation, the [=client=] employs a [=client device=]-specific procedure to discover available [=user-verifying platform authenticators=].
Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=].
If any are discovered, the promise is resolved with the value of [TRUE].
Otherwise, the promise is resolved with the value of [FALSE].
Based on the result, the [=[RP]=] can take further actions to guide the user to create a credential.
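
Review bot: In the changed "Upon invocation" sentence the actor is still the [=client=] while the procedure is now "[=client platform=]-specific", so two different terms for the client side sit in one sentence. If discovery of [=user-verifying platform authenticators=] is performed by the platform as a whole, the subject should probably become [=client platform=] as well; if the distinction is intentional, a short note saying so would help readers.
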
Expand Down Expand Up @@ -2881,7 +2881,7 @@ statement=], a [=[RP]=] needs to understand these two aspects of [=attestation=]

1. The <dfn>attestation statement format</dfn> is the manner in which the signature is represented and the various contextual
bindings are incorporated into the attestation statement by the [=authenticator=]. In other words, this defines the
syntax of the statement. Various existing [=client devices=] (such as TPMs and the Android OS) have previously defined
syntax of the statement. Various existing components and OS platforms (such as TPMs and the Android OS) have previously defined
[=attestation statement formats=]. This specification supports a variety of such formats in an extensible way, as defined in
[[#attestation-formats]].
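
Review bot: The replacement on the "syntax of the statement" line swaps a linked term, [=client devices=], for the unlinked phrase "components and OS platforms", and "components" is not tied to any defined term in the visible text. Consider wording that makes clear which kind of component is meant (the example given is TPMs) or linking to a definition, so the sentence stays as precise as the defined term it replaces.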
