Address some review comments
emlun committed Jun 13, 2018
1 parent 0b3e939 commit f97fb77
Showing 1 changed file with 10 additions and 11 deletions.
21 changes: 10 additions & 11 deletions index.bs
Expand Up @@ -4785,7 +4785,7 @@ The privacy principles in [[!FIDO-Privacy-Principles]] also apply to this specif
Many aspects of the design of the [=Web Authentication API=] are motivated by privacy concerns. The main concern considered in
this specification is the protection of the user's personal identity, i.e., the identification of a human being or a correlation
of separate identities as belonging to the same human being. Although the [=Web Authentication API=] does not use or provide any
form of global identity, the following kinds of potentially correlatable identities are used:
form of global identity, the following kinds of potentially correlatable identifiers are used:

- The user's [=credential IDs=] and [=credential public keys=].

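Review bot: the rename from "identities" to "identifiers" in the lead sentence ("the following kinds of potentially correlatable identifiers are used") is not carried through to the explanatory text under the list: the next hunk's unchanged context still opens with "These identities are obviously used by each [=[RP]=] to identify a user in their system." Either change that line to "These identifiers ..." as well, or keep "identities" deliberately and say so, so the section uses one term for the [=credential IDs=] and [=credential public keys=] it lists.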
Expand All @@ -4798,7 +4798,7 @@ form of global identity, the following kinds of potentially correlatable identit
These identities are obviously used by each [=[RP]=] to identify a user in their system. They are also visible to the
[=client=] in the communication with the [=authenticator=].

- The user's biometric information, e.g., fingerprints or facial recognition data.
- The user's biometric characteristic(s), e.g., fingerprints or facial recognition data [[ISOBiometricVocabulary]].

This is optionally used by the [=authenticator=] to perform [=user verification=]. It is not revealed to the [=[RP]=], but in
the case of [=platform authenticators=], it might be visible to the [=client=] depending on the implementation.
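Review bot: with the new wording "biometric characteristic(s)" the following sentence "This is optionally used by the [=authenticator=] to perform [=user verification=]" has an ambiguous singular subject; "These are optionally used ..." or "Biometric characteristics are optionally used ..." reads better with the parenthetical plural. Also check that the new citation [[ISOBiometricVocabulary]] has a matching entry in the document's biblio, since Bikeshed reports unresolved biblio keys at build time.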
Expand All @@ -4822,14 +4822,13 @@ prevent malicious [=[RPS]=] from using it to discover a user's personal identity
[INFORMATIVE]

Although [=Credential IDs=] and [=credential public keys=] are necessarily shared with the [=[RP]=] to enable strong
authentication, the [=public key credentials=] employed in this specification are designed to be minimally identifying and never
shared between [=[RPS]=].
authentication, they are designed to be minimally identifying and not shared between [=[RPS]=].

- [=Credential IDs=] and [=credential public keys=] are meaningless in isolation, as they only identify [=credential key pairs=]
and not users directly.

- Each [=public key credential=] is strictly bound to a specific [=[RP]=], and the [=client=] ensures that its existence is never
revealed to other [=[RPS]=]. A malicious [=[RP]=] thus cannot ask the [=client=] to reveal other identities owned by the user.
- Each [=public key credential=] is strictly bound to a specific [=[RP]=], and the [=client=] ensures that its existence is not
revealed to other [=[RPS]=]. A malicious [=[RP]=] thus cannot ask the [=client=] to reveal a user's other identities.

- The [=client=] also ensures that the existence of a [=public key credential=] is not revealed to the [=[RP]=] without [=user
consent=]. This is detailed further in [[#sec-make-credential-privacy]] and [[#sec-assertion-privacy]]. A malicious [=[RP]=]
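Review bot: the second bullet now ends with "reveal a user's other identities" while the intro sentence of this section was changed in the same commit to "identifiers"; pick one term. Separately, the rewritten first paragraph says the credentials "are designed to be minimally identifying and not shared between [=[RPS]=]", but the "not shared" property is enforced by the [=client=] (as the second bullet itself explains), not by the credentials; "and the [=client=] ensures they are not shared between [=[RPS]=]" would state where the guarantee comes from.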
Expand All @@ -4855,12 +4854,12 @@ without a traditional username, further improving non-correlatability between [=
authenticators=] the biometric data might also be visible to the [=client=], depending on the implementation. Biometric data is
not revealed to the [=[RP]=]; it is only used as an additional layer of security for unlocking use of the [=authenticator=]. A
malicious [=[RP]=] therefore cannot discover the user's personal identity via biometric data, and a security breach at a [=[RP]=]
cannot expose biometric data for an attacker to use for forging logins at a different [=[RP]=].
cannot expose biometric data for an attacker to use for forging logins at other [=[RPS]=].

In the case where a [=[RP]=] requires [=biometric recognition=], this is instead achieved by the [=biometric authenticator=]
setting the [=UV=] [=flag=] in the signed [=assertion=] response. The [=[RP]=] can trust the authenticity of this bit as long as
it trusts the security guarantees of the [=attestation certificate=] presented when the [=biometric authenticator=] was
[=registration|registered=].
In the case where a [=[RP]=] requires [=biometric recognition=], this is achieved by the [=biometric authenticator=] setting the
[=UV=] [=flag=] in the signed [=assertion=] response, instead of revealing the biometric data itself to the [=[RP]=]. The [=[RP]=]
can trust the authenticity of the [=UV=] [=flag=] as long as it trusts the security guarantees of the [=attestation certificate=]
presented when the [=biometric authenticator=] was [=registration|registered=].


## Attestation Privacy ## {#sec-attestation-privacy}
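Review bot: the rewritten paragraph is clearer about what is revealed to the [=[RP]=] (the signed [=UV=] [=flag=]) and what is not (the biometric itself), but the unchanged context lines above still say "biometric data" four times while the earlier hunk in this commit switched to "biometric characteristic(s)" [[ISOBiometricVocabulary]]; if the ISO term is preferred, apply it here too or keep "biometric data" consistently. Minor: "[=UV=] [=flag=]" appears in two consecutive sentences; the second occurrence could read "this flag".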

0 comments on commit f97fb77
