Merge branch 'master' into angelo-secondAuthnrSelect
Angelo Liao committed May 1, 2017
2 parents 3528e83 + b4009d4 commit a0df242
Showing 1 changed file with 17 additions and 4 deletions.
21 changes: 17 additions & 4 deletions index.bs
Expand Up @@ -22,6 +22,7 @@ Editor: Rolf Lindemann, w3cid 84447, Nok Nok Labs, rolf@noknok.com
Editor: J.C. Jones, w3cid 87240, Mozilla, jc@mozilla.com
group: webauthn
Issue Tracking: Github https://github.com/w3c/webauthn/issues
!Tests: <a href=https://github.com/w3c/web-platform-tests/tree/master/webauthn>web-platform-tests webauthn/</a> (<a href=https://github.com/w3c/web-platform-tests/labels/webauthn>ongoing work</a>)
Text Macro: RP Relying Party
Text Macro: RPS Relying Parties
Text Macro: INFORMATIVE <em>This section is not normative.</em>
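Review bot: The added `!Tests:` metadata line embeds raw `<a href=...>` anchors with unquoted attribute values; Bikeshed passes the value through as HTML, so this renders, but quoting the `href` values (`<a href="https://github.com/w3c/web-platform-tests/tree/master/webauthn">`) is the safer form and matches how the other metadata lines avoid inline markup. Also worth confirming that the `webauthn/` directory and the `webauthn` label actually exist in web-platform-tests before the link lands in the published draft.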
Expand Down Expand Up @@ -347,6 +348,9 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
[=authenticatorGetAssertion=] operations implies use of key material managed by the authenticator. Note that for
security, [=user verification=] and use of [=credential private keys=] must occur within a single logical security boundary
defining the [=authenticator=].

: <dfn id=concept-user-verified>User Verified</dfn>
:: Upon successful completion of a [=user verification=] process, the user is said to be "verified".

: <dfn>[WAC]</dfn>
:: Also referred to herein as simply a [=client=]. See also [=Conforming User Agent=].
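Review bot: The new "User Verified" definition says the user "is said to be 'verified'", but the term being defined is "User Verified", and the surrounding text (e.g. the note two lines above about user verification occurring within the authenticator's security boundary) never states that "verified" alone is a synonym. Suggest defining the exact term, for example: `:: Upon successful completion of a [=user verification=] process, the user is said to be "user verified".` so that `[=user verified=]` links resolve to this entry without relying on an alias.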
Expand Down Expand Up @@ -574,6 +578,9 @@ When this method is invoked, the user agent MUST execute the following algorithm

1. Let |issuedRequests| and |currentlyAvailableAuthenticators| be new [=ordered sets=].

1. If |currentlyAvailableAuthenticators| [=list/is empty=], return a {{DOMException}} whose name is
"{{NotFoundError}}", and terminate this algorithm.

1. For each [=authenticator=] currently available on this platform, process each option in
|options|.{{MakeCredentialOptions/authenticatorSelection}} by checking if the [=authenticator=] satisfies the
requirement of the option.
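Review bot: The added emptiness check is at the wrong position: `|currentlyAvailableAuthenticators|` is created as a new (empty) ordered set in the step immediately above, and is only populated in the following "For each authenticator currently available on this platform" loop, so as written this step always returns a "NotFoundError" and the algorithm never proceeds. Either move the check after the loop that appends to `|currentlyAvailableAuthenticators|` (before the `ConstraintError` step, so that "no authenticators at all" and "no authenticator satisfies the selection criteria" remain distinguishable), or phrase it like the corresponding getAssertion hunk in this same commit, which tests platform availability directly: "If there are no authenticators currently available on this platform, return a DOMException whose name is NotFoundError".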
Expand All @@ -586,7 +593,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
|currentlyAvailableAuthenticators|.
1. If there is no [=authenticator=] that satisfies the criterias listed in
|options|.{{MakeCredentialOptions/authenticatorSelection}}, return a {{DOMException}} whose name is
"{{ConstraintError}}", and terminate the algorithm.
"{{ConstraintError}}", and terminate this algoritm.

1. [=set/For each=] |authenticator| in |currentlyAvailableAuthenticators|:
1. Let |excludeList| be a new [=list=].
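Review bot: The only change in this hunk introduces a typo: `terminate this algoritm.` should read `terminate this algorithm.` (the removed line had it spelled correctly). While touching this step, the unchanged context line `satisfies the criterias listed in` should be `satisfies the criteria listed in`, since "criteria" is already plural.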
Expand Down Expand Up @@ -735,6 +742,9 @@ When this method is invoked, the user agent MUST execute the following algorithm

1. Let |issuedRequests| be a new [=ordered set=].

1. If there are no [=authenticators=] currently available on this platform, return a {{DOMException}} whose name is
"{{NotFoundError}}", and terminate this algorithm.

1. For each |authenticator| currently available on this platform, perform the following steps:

1. Let |credentialList| be a new [=list=].
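Review bot: This `NotFoundError` step is phrased correctly for its position, since it tests the platform's available authenticators rather than a not-yet-populated set; the makeCredential hunk in this same commit should use the same wording so the two algorithms behave consistently. One documentation nit: the error is returned before any `|authenticator|` is examined, so a short note in the spec text (or the algorithm's preamble) stating that "available" means discoverable by the client over any supported transport would make clear that a roaming authenticator that is merely not yet plugged in is expected to trigger this path.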
Expand Down Expand Up @@ -958,15 +968,17 @@ optionally evidence of [=user consent=] to a specific transaction.
Its value's {{ScopedCredentialEntity/name}} member is required, and contains a name for the user account
(e.g., "john.p.smith@example.com" or "+14255551234").

Its value's {{ScopedCredentialEntity/displayName}} member is required, and contains a friendly name for the user account (e.g., "John P. Smith").
Its value's {{ScopedCredentialUserEntity/displayName}} member is required, and contains a friendly name for the user
account (e.g., "John P. Smith").

Its value's {{ScopedCredentialEntity/id}} member is required, and contains an identifier for the account, specified by
the [=relying party=]. This is not meant to be displayed to the user, but is used by the relying party to control the
number of credentials - an authenticator will never contain more than one credential for a given relying party under the
same {{ScopedCredentialEntity/id}}.

: <dfn>challenge</dfn>
:: This member contains a challenge intended to be used for generating the newly created credential's [=attestation object=].
:: This member contains a challenge intended to be used for generating the newly created credential's [=attestation
object=].

: <dfn>parameters</dfn>
:: This member contains information about the desired properties of the credential to be created. The sequence is ordered
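Review bot: The link-target fix from `{{ScopedCredentialEntity/displayName}}` to `{{ScopedCredentialUserEntity/displayName}}` is the substantive change here; the other two members described on the same value, `{{ScopedCredentialEntity/name}}` and `{{ScopedCredentialEntity/id}}`, are left pointing at the base entity. That is correct only if `displayName` is the sole member defined on the derived user-entity dictionary; please confirm that against the IDL so the three references on this `user` member do not drift apart. The `challenge` change (lines `:: This member contains a challenge ... [=attestation` / `object=].`) is a pure line rewrap, and the `[=attestation object=]` autolink still works across the line break in Bikeshed, so no action needed there.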
Expand Down Expand Up @@ -1059,7 +1071,8 @@ authenticator
Clients may communicate with authenticators using a variety of mechanisms. For example, a client may use a platform-specific
API to communicate with an authenticator which is physically bound to a platform. On the other hand, a client may use a
variety of standardized cross-platform transport protocols such as Bluetooth (see [[#transport]]) to discover and
communicate with [=cross-platform attached=] authenticators. We define authenticators that are part of the client's
communicate with [=cross-platform attached=] authenticators. Therefore, we use {{Attachment}} to describe an
[=authenticator=]'s <dfn>attachment modality</dfn>. We define authenticators that are part of the client's
platform as having a [=platform attachment=], and refer to them as <dfn>platform authenticators</dfn>. While those that
are reachable via cross-platform transport protocols are defined as having [=cross-platform attachment=], and refer to
them as <dfn>roaming authenticators</dfn>.
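Review bot: The new sentence `Therefore, we use {{Attachment}} to describe an [=authenticator=]'s <dfn>attachment modality</dfn>.` does not follow from the preceding text, which only lists example transport mechanisms; nothing there motivates a "therefore". Suggest `We use {{Attachment}} to describe ...` or `To capture this distinction, we use {{Attachment}} ...`. Since this line also introduces the new definition `<dfn>attachment modality</dfn>`, check that the `{{Attachment}}` IDL enum it references is defined elsewhere in the document so the autolink resolves. The unchanged context that follows, `While those that are reachable ... are defined as having [=cross-platform attachment=], and refer to them as ...`, is a sentence fragment with a voice switch; since this paragraph is being edited anyway, joining it to the previous sentence (`..., while those that are reachable via cross-platform transport protocols have a [=cross-platform attachment=] and are referred to as <dfn>roaming authenticators</dfn>.`) would fix it.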
