Incorporate feedback from @equalsJeffH
Note this PR also fixes #178 by removing all use of the term lowercase
vijaybh committed Sep 28, 2016
1 parent f44ba9e commit f03e4e5
Showing 1 changed file with 17 additions and 15 deletions.
32 changes: 17 additions & 15 deletions index.bs
@@ -381,13 +381,14 @@ When this method is invoked, the user agent MUST execute the following algorithm

3. Set |callerOrigin| to the <a>current settings object</a>'s <a link-for='web'>origin</a>. If |callerOrigin| is an <a>opaque
origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and terminate this algorithm.
Otherwise, if {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|. If
{{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for
<a>relaxing the same-origin restriction</a> by setting the `document.domain` attribute, using
{{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If any errors are
thrown, reject |promise| with a <a>DOMException</a> whose name is "SecurityError", and terminate this algorithm. If no
errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of the
UTF-8 encoding of |rpId|.
Otherwise,
- If {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|, and |rpIdHash| to the SHA-256
hash of |rpId|.
- If {{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for <a>relaxing the same-origin
restriction</a> by setting the `document.domain` attribute, using {{ScopedCredentialOptions/rpId}} as the given value
but without changing the current document's `domain`. If no errors are thrown, set |rpId| to the value of `host` as
computed by this procedure, and |rpIdHash| to the SHA-256 hash of |rpId|. Otherwise, reject |promise| with a
<a>DOMException</a> whose name is "SecurityError", and terminate this algorithm.

4. Process each element of {{cryptoParameters}} using the following steps, to produce a new sequence |normalizedParameters|.
- Let |current| be the currently selected element of {{cryptoParameters}}.
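
Review bot: The rewritten bullets in step 3 drop "the UTF-8 encoding of" from the |rpIdHash| definition, so the bytes fed to SHA-256 are no longer specified. The replaced text read "Set |rpIdHash| to the SHA-256 hash of the UTF-8 encoding of |rpId|"; suggest keeping that wording so client and RP hash identical bytes. Related: the first bullet sets |rpId| to |callerOrigin| (an origin) while the second sets it to `host`, so the two branches hash differently shaped values. State the serialization used for the origin case, or say explicitly that the difference is intended. The hash sentence is now repeated in both bullets and could be stated once after the list, as it was before.
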
@@ -468,13 +469,14 @@ When this method is invoked, the user agent MUST execute the following algorithm

3. Set |callerOrigin| to the <a>current settings object</a>'s <a link-for='web'>origin</a>. If |callerOrigin| is an <a>opaque
origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and terminate this algorithm.
Otherwise, if {{ScopedCredentialOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|. If
{{ScopedCredentialOptions/rpId}} is specified, then invoke the procedure used for
<a>relaxing the same-origin restriction</a> by setting the `document.domain` attribute, using
{{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If any errors are
thrown, reject |promise| with a <a>DOMException</a> whose name is "SecurityError", and terminate this algorithm. If no
errors are thrown, set |rpId| to the value of `host` as computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of the
UTF-8 encoding of |rpId|.
Otherwise,
- If {{AssertionOptions/rpId}} is not specified, then set |rpId| to |callerOrigin|, and |rpIdHash| to the SHA-256
hash of |rpId|.
- If {{AssertionOptions/rpId}} is specified, then invoke the procedure used for <a>relaxing the same-origin restriction</a>
by setting the `document.domain` attribute, using {{AssertionOptions/rpId}} as the given value but without changing the
current document's `domain`. If no errors are thrown, set |rpId| to the value of `host` as computed by this procedure,
and |rpIdHash| to the SHA-256 hash of |rpId|. Otherwise, reject |promise| with a <a>DOMException</a> whose name is
"SecurityError", and terminate this algorithm.

4. If {{AssertionOptions/extensions}} was specified, process any extensions supported by this client platform, to produce the
extension data that needs to be sent to the authenticator. If an error is encountered while processing an extension, skip
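
Review bot: Step 3 in this hunk is a near-verbatim copy of step 3 in the hunk at line 381, differing only in {{AssertionOptions/rpId}} versus {{ScopedCredentialOptions/rpId}}, and the lines being replaced here still referenced {{ScopedCredentialOptions/rpId}} inside the assertion algorithm, which is the drift that duplicated spec text invites. Suggest factoring the rpId determination into one named procedure that takes the caller-supplied rpId as input and is invoked from both methods. The new bullets also drop "the UTF-8 encoding of" from the |rpIdHash| sentence; the encoding of the hashed value should stay explicit here as well.
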
@@ -1288,7 +1290,7 @@ Upon receiving an attestation statement in the form of a {{WebAuthnAttestation}}

2. Verify that the {{ClientData/challenge}} in the {{ClientData}} matches the challenge that was sent to the authenticator.

3. Verify that the {{ClientData/origin}} in the {{ClientData}} matches the origin used by the RP.
3. Verify that the {{ClientData/origin}} in the {{ClientData}} matches the [RP]'s origin.

4. Verify that the {{ClientData/tokenBinding}} in the {{ClientData}} matches the token binding public key for the TLS connection
over which the attestation was obtained.
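
Review bot: In step 3 of the verification list, "matches the [RP]'s origin" still leaves the comparison undefined and assumes the RP has a single origin. The algorithm steps earlier in this commit let a caller pass an rpId that relaxes the same-origin restriction, so one RP can legitimately make requests from more than one origin. Suggest stating which origin is meant (the one from which the RP initiated the request, or a set of origins the RP accepts) and that the comparison is an exact match of the serialized origin. If `[RP]` is intended as a text macro rather than literal brackets, confirm it is defined, since the other references in this list use <a> and {{...}} markup.
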