add dfn of webauthn RP

index.bs

@@ -52,6 +52,7 @@ Text Macro: RPS Relying Parties
 Text Macro: INFORMATIVE <em>This section is not normative.</em>
 Text Macro: TRUE <code>true</code>
 Text Macro: WAC WebAuthn Client
+Text Macro: WRP WebAuthn Relying Party
 Ignored Vars: op, alg, type, algorithm
 Abstract: This specification defines an API enabling the creation and use of strong, attested, [=scoped=], public key-based
  credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more [=public key
@@ -473,10 +474,10 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
 :: A [=Client-side-resident Credential Private Key=] is stored either on the client platform, or in some cases on the
     authenticator itself, e.g., in the case of a discrete first-factor [=roaming authenticator=]. Such <dfn>client-side credential
     private key storage</dfn> has the property that the authenticator is able to select the [=credential private key=] given
-    only an [=RP ID=], possibly with user assistance (e.g., by providing the user a pick list of credentials associated with the RP
+    only an [=RP ID=], possibly with user assistance (e.g., by providing the user a pick list of credentials associated with the [=[RP]=]
     ID). By definition, the private key is always exclusively controlled by the [=authenticator=]. In the case of a
     [=Client-side-resident Credential Private Key=], the [=authenticator=] might offload storage of wrapped key material to the
-    client platform, but the client platform is not expected to offload the key storage to remote entities (e.g. RP Server).
+    client platform, but the client platform is not expected to offload the key storage to remote entities (e.g. [=[RP]=] Server).
 
 : <dfn>Conforming User Agent</dfn>
 :: A user agent implementing, in conjunction with the underlying platform, the [=Web Authentication API=] and algorithms
@@ -581,11 +582,7 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
     Note that this includes employing a [=test of user presence=] or [=user verification=].
 
 : <dfn>[RP]</dfn>
-:: The entity whose web application utilizes the [=Web Authentication API=] to register and authenticate users. See
-    [=Registration=] and [=Authentication=], respectively.
-
-        Note: While the term [=[RP]=] is used in other contexts (e.g., X.509 and OAuth), an entity acting as a [=[RP]=] in one
-        context is not necessarily a [=[RP]=] in other contexts.
+:: See [=[WRP]=].
 
 : <dfn>Relying Party Identifier</dfn>
 : <dfn>RP ID</dfn>
@@ -652,6 +649,14 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
 : <dfn>[WAC]</dfn>
 :: Also referred to herein as simply a [=client=]. See also [=Conforming User Agent=]. A [=[WAC]=] is an intermediary entity typically implemented in the user agent (in whole, or in part). Conceptually, it underlies the [=Web Authentication API=] and embodies the implementation of the {{PublicKeyCredential/[[Create]](origin, options, sameOriginWithAncestors)}} and {{PublicKeyCredential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}} [=internal methods=]. It is responsible for both marshalling the inputs for the underlying [=authenticator operations=], and for returning the results of the latter operations to the [=Web Authentication API=]'s callers.
 
+: <dfn>[WRP]</dfn>
+:: The entity whose web application utilizes the [=Web Authentication API=] to register and authenticate users. See
+    [=Registration=] and [=Authentication=], respectively.
+
+        Note: While the term [=[RP]=] is used in other contexts (e.g., X.509 and OAuth), an entity acting as a [=[RP]=] in one
+        context is not necessarily a [=[RP]=] in other contexts. In this specification, the term [=[WRP]=] is often shortened 
+        to be just [=[RP]=].
+
 
 # <dfn>Web Authentication API</dfn> # {#api}
 
@@ -1728,7 +1733,7 @@ associated.
 </div>
 
 
-### RP Parameters for Credential Generation (dictionary <dfn dictionary>PublicKeyCredentialRpEntity</dfn>) ### {#sctn-rp-credential-params}
+### Relying Party Parameters for Credential Generation (dictionary <dfn dictionary>PublicKeyCredentialRpEntity</dfn>) ### {#sctn-rp-credential-params}
 
 The {{PublicKeyCredentialRpEntity}} dictionary is used to supply additional [=[RP]=] attributes when creating a new credential.
 
@@ -2221,13 +2226,13 @@ Each authenticator stores a <dfn for=authenticator>credentials map</dfn>, a [=ma
 Additionally, each authenticator has an AAGUID, which is a 128-bit identifier indicating the type (e.g. make and model) of the
 authenticator. The AAGUID MUST be chosen by the manufacturer to be identical across all substantially identical authenticators
 made by that manufacturer, and different (with high probability) from the AAGUIDs of all other types of authenticators.
-The AAGUID for a given type of authenticator SHOULD be randomly generated to ensure this. The RP MAY use the AAGUID to infer certain
+The AAGUID for a given type of authenticator SHOULD be randomly generated to ensure this. The [=[RP]=] MAY use the AAGUID to infer certain
 properties of the authenticator, such as certification level and strength of key protection, using information from other sources.
 
 The primary function of the authenticator is to provide WebAuthn signatures, which are bound to various contextual data. These
 data are observed and added at different levels of the stack as a signature request passes from the server to the
 authenticator. In verifying a signature, the server checks these bindings against expected values. These contextual bindings
-are divided in two: Those added by the RP or the client, referred to as [=client data=]; and those added by the authenticator,
+are divided in two: Those added by the [=[RP]=] or the client, referred to as [=client data=]; and those added by the authenticator,
 referred to as the [=authenticator data=]. The authenticator signs over the [=client data=], but is otherwise not interested in
 its contents. To save bandwidth and processing requirements on the authenticator, the client hashes the [=client data=] and
 sends only the result to the authenticator. The authenticator signs over the combination of the
@@ -3960,7 +3965,7 @@ JavaScript APIs.
         parameter of [=authenticatorGetAssertion=].
 
 : Client extension output
-:: Returns the value [TRUE] to indicate to the RP that the extension was acted upon.
+:: Returns the value [TRUE] to indicate to the [=[RP]=] that the extension was acted upon.
     <xmp class="idl">
     partial dictionary AuthenticationExtensionsClientOutputs {
       boolean appid;
@@ -4114,7 +4119,7 @@ creation.
     MUST select an authenticator from among the available authenticators to generate the credential.
 
 : Client extension output
-:: Returns the value [TRUE] to indicate to the RP that the extension was acted upon.
+:: Returns the value [TRUE] to indicate to the [=[RP]=] that the extension was acted upon.
     <xmp class="idl">
     partial dictionary AuthenticationExtensionsClientOutputs {
       boolean authnSel;
@@ -4403,7 +4408,7 @@ as candidates to be employed in a [=registration=] ceremony.
     sources such as the FIDO Metadata Service [[FIDOMetadataService]] (see Sec. 3.2 of [[FIDOUAFAuthenticatorMetadataStatements]]).
 
 : Client extension output
-:: Returns the JSON value [TRUE] to indicate to the RP that the extension was acted upon
+:: Returns the JSON value [TRUE] to indicate to the [=[RP]=] that the extension was acted upon
 
 : Authenticator extension input
 :: None.
@@ -4630,15 +4635,15 @@ a [=user verification|user-verifying=] [=platform authenticator=].
 1. If the user is not willing, terminate this flow.
 
 1. The user is shown appropriate UI and guided in creating a credential using one of the available platform authenticators.
-    Upon successful credential creation, the RP script conveys the new credential to the server.
+    Upon successful credential creation, the [=[RP]=] script conveys the new credential to the server.
 
 <pre class="example" highlight="js">
     if (!window.PublicKeyCredential) { /* Platform not capable of the API. Handle error. */ }
 
     PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
         .then(function (userIntent) {
 
-            // If the user has affirmed willingness to register with RP using an available platform authenticator
+            // If the user has affirmed willingness to register with [=[RP]=] using an available platform authenticator
             if (userIntent) {
                 var publicKeyOptions = { /* Public key credential creation options. */};