From fda418be3962f25177816d0c4670fd32c9f0b4d4 Mon Sep 17 00:00:00 2001 From: CI Bot Date: Fri, 8 Apr 2016 22:55:14 +0000 Subject: [PATCH] Script updating gh-pages. [ci skip] --- index.html | 384 +++++++++++++++++++++++++++++------------------------ 1 file changed, 209 insertions(+), 175 deletions(-) diff --git a/index.html b/index.html index 4a192bb95..797caa9a9 100644 --- a/index.html +++ b/index.html @@ -46,7 +46,7 @@

W3C

Web Authentication: A Web API for accessing scoped credentials 1

-

Editor’s Draft,

+

Editor’s Draft,

@@ -71,7 +71,7 @@

Abstract

-

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, credentials are stored on an authenticator, and each credential is bound to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Web Authentication uses the concept of attestation to provide a cryptographic proof of the authenticator model to the relying party. The relying party can derive the authenticator security characteristics from this proof.

+

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, credentials are stored on an authenticator, and each credential is bound to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Web Authentication uses the concept of attestation to provide a cryptographic proof of the authenticator model to the relying party. The relying party can derive the authenticator security characteristics from this proof.

Status of this document

@@ -101,8 +101,8 @@

Table of Contents

  • 1 Use Cases
      -
    1. 1.1 Registration (embedded authenticator mode) -
    2. 1.2 Authentication (external authenticator mode) +
    3. 1.1 Registration (embedded authenticator mode) +
    4. 1.2 Authentication (external authenticator mode)
    5. 1.3 Other configurations
  • @@ -236,7 +236,8 @@

    Table of Contents

  • 10.2 Authentication
  • 10.3 Decommissioning -
  • 11 Acknowledgements +
  • 11 Terminology +
  • 12 Acknowledgements
  • Index
      @@ -255,14 +256,14 @@

      Table of Contents

      1. Use Cases

      This section is not normative.

      -

      This specification defines an API for web pages to access scoped credentials through JavaScript, for the purpose of strongly authenticating a user. Scoped credentials are always scoped to a single WebAuthn Relying Party, and the API respects this requirement. Credentials created by a Relying Party can only be accessed by web origins belonging to that Relying Party. Additionally, privacy across Relying Parties must be maintained; scripts must not be able to detect any properties, or even the existence, of credentials belonging to other Relying Parties.

      -

      Scoped credentials are located on authenticators, which can use them to perform operations subject to user consent. Broadly, authenticators are of two types:

      +

      This specification defines an API for web pages to access scoped credentials through JavaScript, for the purpose of strongly authenticating a user. Scoped credentials are always scoped to a single WebAuthn Relying Party, and the API respects this requirement. Credentials created by a Relying Party can only be accessed by web origins belonging to that Relying Party. Additionally, privacy across Relying Parties must be maintained; scripts must not be able to detect any properties, or even the existence, of credentials belonging to other Relying Parties.

      +

      Scoped credentials are located on authenticators, which can use them to perform operations subject to user consent. Broadly, authenticators are of two types:

        -
      1. Embedded authenticators have their operation managed by the same computing device (e.g., smart phone, tablet, desktop PC) as the user agent is running on. For instance, such an authenticator might consist of a Trusted Platform Module (TPM) or Secure Element (SE) integrated into the computing device, along with appropriate platform software to mediate access to this device’s functionality. -
      2. External authenticators operate autonomously from the device running the user agent, and accessed over a transport such as Universal Serial Bus (USB), Bluetooth Low Energy (BLE) or Near Field Communications (NFC). +
      3. Embedded authenticators#embedded-authenticatorsReferenced in:1.1. Registration (embedded authenticator mode)11. Terminology have their operation managed by the same computing device (e.g., smart phone, tablet, desktop PC) as the user agent is running on. For instance, such an authenticator might consist of a Trusted Platform Module (TPM) or Secure Element (SE) integrated into the computing device, along with appropriate platform software to mediate access to this device’s functionality. +
      4. External authenticators#external-authenticatorsReferenced in:1.2. Authentication (external authenticator mode)10.2. Authentication11. Terminology operate autonomously from the device running the user agent, and accessed over a transport such as Universal Serial Bus (USB), Bluetooth Low Energy (BLE) or Near Field Communications (NFC).

      Note that an external authenticator may itself contain an embedded authenticator. For example, consider a smart phone that contains a scoped credential. The credential may be accessed by a web browser running on the phone itself. In this case the module containing the credential is functioning as an embedded authenticator. However, the credential may also be accessed over BLE by a user agent on a nearby laptop. In this latter case, the phone is functioning as an external authenticator. These modes may even be used in a single end-to-end user scenario. One such scenario is described in the remainder of this section.

      -

      1.1. Registration (embedded authenticator mode)

      +

      1.1. Registration (embedded authenticator mode)

      • On the phone: @@ -274,7 +275,7 @@

        Website shows message, "Registration complete."

      -

      1.2. Authentication (external authenticator mode)

      +

      1.2. Authentication (external authenticator mode)

      • On the laptop: @@ -303,7 +304,7 @@

        User employs a scoped credential as described above to authorize a single transaction, such as a payment or other financial transaction.

      2. Conformance

      -

      This specification defines criteria for a conforming user agent. A user agent MUST behave as described in this specification in order to be considered conformant. User agents MAY implement algorithms given in this specification in any way desired, so long as the end result is indistinguishable from the result that would be obtained by the specification’s algorithms. A conforming Web Authentication API user agent MUST also be a conforming implementation of the IDL fragments of this specification, as described in the “Web IDL” specification. [WebIDL-1]

      +

      This specification defines criteria for a Conforming User Agent. A User Agent MUST behave as described in this specification in order to be considered conformant. User Agents MAY implement algorithms given in this specification in any way desired, so long as the end result is indistinguishable from the result that would be obtained by the specification’s algorithms. A conforming Web Authentication API User Agent MUST also be a conforming implementation of the IDL fragments of this specification, as described in the “Web IDL” specification. [WebIDL-1]

      The term Base64url Encoding refers to the base64 encoding using the URL- and filename-safe character set defined in Section 5 of [RFC4648], with all trailing '=' characters omitted (as permitted by Section 3.2) and without the inclusion of any line breaks, whitespace, or other additional characters. This is the same encoding as used by JSON Web Signature (JWS) [RFC7515].

      2.1. Dependencies

      This specification relies on several other underlying specifications.

      @@ -319,8 +320,8 @@

      JsonWebKey#jsonwebkeyReferenced in:5.1. Client data6.4.3.4. AndroidAttestationClientData: A cryptographic key as defined in [WebCryptoAPI].

    • 3. WebAuthn Authenticator model

    -

    The API defined in this specification implies a specific abstract functional model for an authenticator. This section describes the authenticator model. Client platforms may implement and expose this abstract model in any way desired. However, the behavior of the client’s Web Authentication API implementation, when operating on the embedded and external authenticators supported by that platform, MUST be indistinguishable from the behavior specified in the Web Authentication API section.

    -

    In this abstract model, each authenticator stores some number of scoped credentials. Each scoped credential has an identifier which is unique (or extremely unlikely to be duplicated) among all scoped credentials. Each credential is also associated with a WebAuthn Relying Party, whose identity is represented by a Relying Party Identifier (RP ID).

    +

    The API defined in this specification implies a specific abstract functional model for an authenticator. This section describes the authenticator model. Client platforms may implement and expose this abstract model in any way desired. However, the behavior of the client’s Web Authentication API implementation, when operating on the embedded and external authenticators supported by that platform, MUST be indistinguishable from the behavior specified in the Web Authentication API section.

    +

    In this abstract model, each authenticator stores some number of scoped credentials. Each scoped credential has an identifier which is unique (or extremely unlikely to be duplicated) among all scoped credentials. Each credential is also associated with a WebAuthn Relying Party, whose identity is represented by a Relying Party Identifier (RP ID).

    A client must connect to an authenticator in order to invoke any of the operations of that authenticator. This connection defines an authenticator session. An authenticator must maintain isolation between sessions. It may do this by only allowing one session to exist at any particular time, or by providing more complicated session management.

    The following operations can be invoked by the client in an authenticator session.

    3.1. The authenticatorMakeCredential#authenticatormakecredentialReferenced in:3.3. The authenticatorCancel operation (2)4.1.1. Create a new credential (makeCredential() method) operation

    @@ -407,14 +408,14 @@

    4. 4.1. WebAuthentication#webauthenticationReferenced in:4. Web Authentication API (2) Interface

    This interface consists of the following methods.

    4.1.1. Create a new credential (makeCredential()#dom-webauthentication-makecredentialReferenced in:3.1. The authenticatorMakeCredential operation4. Web Authentication API6.4.3.5. Verifying AndroidClientData specific contextual bindings7. WebAuthn Extensions (2)7.2. Defining extensions7.3. Extending request parameters (2)8.2. Authenticator Selection Extension method)

    -

    With this method, a script can request the user agent to create a new credential of a given type and persist it to the underlying platform, which may involve data storage managed by the browser or the OS. The user agent will prompt the user to approve this operation. On success, the promise will be resolved with a ScopedCredentialInfo object describing the newly created credential.

    +

    With this method, a script can request the User Agent to create a new credential of a given type and persist it to the underlying platform, which may involve data storage managed by the browser or the OS. The user agent will prompt the user to approve this operation. On success, the promise will be resolved with a ScopedCredentialInfo object describing the newly created credential.

    This method takes the following parameters:

    When this method is invoked, the user agent MUST execute the following algorithm:

    @@ -422,7 +423,7 @@

  • If credentialTimeoutSeconds was specified, check if its value lies within a reasonable range as defined by the platform and if not, correct it to the closest value lying within that range. Set adjustedTimeout to this adjusted value. If credentialTimeoutSeconds was not specified then set adjustedTimeout to a platform-specific default.
  • Let promise be a new Promise. Return promise and start a timer for adjustedTimeout seconds. Then asynchronously continue executing the following steps. -
  • Set callerOrigin to the origin of the caller. Derive the RP ID from callerOrigin by computing the "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "eTLD+1") part of callerOrigin [PSL]. Set rpId to the RP ID. +
  • Set callerOrigin to the origin of the caller. Derive the RP ID from callerOrigin by computing the "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "eTLD+1") part of callerOrigin [PSL]. Set rpId to the RP ID.
  • Initialize issuedRequests to an empty list.
  • Process each element of cryptoParameters using the following steps: @@ -459,7 +460,7 @@

  • If assertionTimeoutSeconds was specified, check if its value lies within a reasonable range as defined by the platform and if not, correct it to the closest value lying within that range. Set adjustedTimeout to this adjusted value. If assertionTimeoutSeconds was not specified then set adjustedTimeout to a platform-specific default.
  • Let promise be a new Promise. Return promise and start a timer for adjustedTimeout seconds. Then asynchronously continue executing the following steps. -
  • Set callerOrigin to the origin of the caller. Derive the RP ID from callerOrigin by computing the "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "eTLD+1") part of callerOrigin [PSL]. Set rpId to the RP ID. +
  • Set callerOrigin to the origin of the caller. Derive the RP ID from callerOrigin by computing the "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "eTLD+1") part of callerOrigin [PSL]. Set rpId to the RP ID.
  • Initialize issuedRequests to an empty list.
  • If assertionExtensions was specified, process any extensions supported by this client platform, to produce the extension data that needs to be sent to the authenticator. Call this data clientExtensions.
  • @@ -483,14 +484,14 @@

    4.2. ScopedCredentialInfo#scopedcredentialinfoReferenced in:4. Web Authentication API (2)4.1.1. Create a new credential (makeCredential() method) (2) Interface

    -

    This interface represents a newly-created scoped credential. It contains information about the credential that can be used to locate it later for use, and also contains metadata that can be used by the WebAuthn Relying Party to assess the strength of the credential during registration.

    +

    This interface represents a newly-created scoped credential. It contains information about the credential that can be used to locate it later for use, and also contains metadata that can be used by the WebAuthn Relying Party to assess the strength of the credential during registration.

    The credential attribute contains a unique identifier for the credential represented by this object.

    The publicKey attribute contains the public key associated with the credential, represented as a JsonWebKey structure as defined in [WebCryptoAPI].

    The attestation attribute contains a key attestation statement returned by the authenticator. This provides information about the credential and the authenticator it is held in, such as the level of security assurance provided by the authenticator.

    4.3. User Account Information (dictionary Account#dictdef-accountReferenced in:4. Web Authentication API (2))

    -

    This dictionary is used by the caller to specify information about the user account and Relying Party with which a credential is to be associated. It is intended to help the authenticator in providing a friendly credential selection interface for the user.

    +

    This dictionary is used by the caller to specify information about the user account and WebAuthn Relying Party with which a credential is to be associated. It is intended to help the authenticator in providing a friendly credential selection interface for the user.

    The rpDisplayName member contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".

    The displayName member contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".

    The name member contains a detailed name for the account, such as "john.p.smith@example.com".

    @@ -527,7 +528,7 @@

    < the extension identifier as the key, and the extension’s value as the value (see §5 Signature Format for details).

    4.5.6. Key Attestation Statement (interface AttestationStatement)

    -

    Authenticators also provide some form of key attestation. The basic requirement is that the authenticator can produce, for each credential public key, attestation information that can be verified by a WebAuthn Relying Party. Typically this information contains a signature by an attesting key over the attested public key and a challenge, as well as a certificate or similar information providing provenance information for the attesting key, enabling a trust decision to be made. The structure of these attestation statements is defined in §6 Key Attestation Format.

    +

    Authenticators also provide some form of key attestation. The basic requirement is that the authenticator can produce, for each credential public key, attestation information that can be verified by a WebAuthn Relying Party. Typically this information contains a signature by an attesting key over the attested public key and a challenge, as well as a certificate or similar information providing provenance information for the attesting key, enabling a trust decision to be made. The structure of these attestation statements is defined in §6 Key Attestation Format.

    5. Signature Format

    WebAuthn signatures are bound to various contextual data. These data are observed, and added at different levels of the stack as a signature request @@ -535,17 +536,16 @@

    WebAuthn Relying Party (RP), which uses the WebAuthn services. + The relying party may, for example, be a web-application running in a browser, + or a native application that runs directly on the OS platform. +
  • The WebAuthn Client platform, which consists of the user’s OS and device used to host the RP’s client-side app. For web-applications, the browser also belongs to this layer. -
  • The authenticator itself, which provides key management and +
  • The Authenticator itself, which provides key management and cryptographic signatures. -

    When the RP client-side application is a web-application, the interface between 1 and 2 +

    When the Relying Party client-side application is a web-application, the interface between 1 and 2 is the Web Authentication API, but is platform specific for native applications. In cases where the authenticator is not tightly integrated with the platform, the interface between 2 and 3 is a separately-defined protocol. @@ -575,7 +575,7 @@

    5.1. Client data

    -

    The client data represents the contextual bindings of both the RP and the +

    The client data represents the contextual bindings of both the WebAuthn Relying Party and the client platform. It is a key-value mapping with string-valued keys. Values may be any type that has a valid encoding in JSON. It MUST contain at least the following key-value pairs.

    @@ -593,7 +593,7 @@

    facet
    A string value describing the RP identifier facet. - When the RP client-side app is a website, this is its fully qualified web origin, + When the WebAuthn Relying Party client-side app is a website, this is its fully qualified web origin, using the syntax defined by [RFC6454]. When the client-side app is a native application, this string is a platform specific identifier.
    JsonWebKey tokenBinding @@ -624,16 +624,15 @@

    §5.3 Generating a signature). + the WebAuthn Relying Party (see §5.3 Generating a signature). This is necessary since multiple JSON encodings of the same client data are possible.

    -

    The hash algorithm hashAlg used to compute clientDataHash is - included in the ClientData object. This way it is available to the RP and +

    The hash algorithm hashAlg used to compute clientDataHash is + included in the ClientData object. This way it is available to the Relying Party and it is also hashed over when computing clientDataHash and hence anchored in the signature itself.

    5.2. Authenticator data

    -

    The authenticator data encodes contextual bindings made by the - authenticator itself. The authenticator data has a compact but extensible +

    The authenticator data encodes contextual bindings made by the authenticator itself. The authenticator data has a compact but extensible encoding. This is desired since authenticators can be devices with limited capabilities and low power requirements, with much simpler software stacks than the client platform components.

    @@ -675,7 +674,7 @@

    5.3. Generating a signature

    A raw cryptographic signature must assert the integrity of both the - client data and the authenticator data. Thus, an authenticator SHALL + client data and the authenticator data. Thus, an authenticator SHALL compute a signature over the concatenation of the authenticatorData and the clientDataHash.

    @@ -686,9 +685,9 @@

    The authenticator MUST return both the authenticatorData and the raw signature back to the client.

    5.4. Client encoding of assertions

    -

    The client platform uses an authenticator assertion to construct - the final {{WebAuthn assertion}} object returned to the RP as follows.

    -
    interface WebAuthnAssertion#webauthnassertionReferenced in:4. Web Authentication API4.1.2. Use an existing credential (getAssertion() method)4.5.4. WebAuthn Assertion (interface WebAuthnAssertion) {
+   
    The client platform uses an authenticator assertion to construct
+  the final WebAuthnAssertion object returned to the Relying Party as follows.
    
+
    interface WebAuthnAssertion#webauthnassertionReferenced in:4. Web Authentication API4.1.2. Use an existing credential (getAssertion() method)4.5.4. WebAuthn Assertion (interface WebAuthnAssertion)5.4. Client encoding of assertions {
   attribute Credential credential;
   attribute DOMString  clientData;
   attribute DOMString  authenticatorData#dom-webauthnassertion-authenticatordataReferenced in:5.4. Client encoding of assertions;
@@ -709,15 +708,15 @@ 
     A base64url encoding of the raw signature returned from the authenticator.
       (See §5.3 Generating a signature) 
     
-    
    This assertion is delivered to the RP in either a platform specific manner, or
+    
    This assertion is delivered to the WebAuthn Relying Party in either a platform specific manner, or
   in the case of web applications, according to the Web Authentication API (§4 Web Authentication API).
-  It contains all the information that the RP’s server requires to
+  It contains all the information that the Relying Party’s server requires to
   reconstruct the signature base string, as well as to decode and validate
   the bindings of both the client- and authenticator data.
    
     
    6. Key Attestation Format
    
     
    This specification defines generic data structures that cover the
-	semantics of authenticator attestation. This specification also 
-	provides a profile of these structures when a TPM [TPM] acts as a crypto kernel. 
+	semantics of authenticator attestation. This specification also
+	provides a profile of these structures when a TPM [TPM] acts as a crypto kernel.
 	More profiles are expected to be added as the specification
 	evolves.
    
     
    6.1. Overview
    
@@ -731,19 +730,19 @@ 
    This model is also used for FIDO UAF 1.0 and FIDO U2F 1.0.
    
      
    Surrogate Basic Attestation
-     
    In the case of surrogate basic attestation [UAFProtocol], the 
-	    Authenticator doesn’t have any specific attestation key.  Instead it uses 
-	    the authentication key to (self-)sign the (surrogate) attestation message.  
+     
    In the case of surrogate basic attestation [UAFProtocol], the
+	    Authenticator doesn’t have any specific attestation key.  Instead it uses
+	    the authentication key to (self-)sign the (surrogate) attestation message.
 	    Authenticators without meaningful protection measures for an attestation private key
 	    typically use this attestation model. 
      
    Privacy CA
      
    
-      In this case, the authenticator owns an authenticator-specific (endorsement) key.  
-	    This key is used to securely communicate with a trusted third party, 
+      In this case, the Authenticator owns an authenticator-specific (endorsement) key.
+	    This key is used to securely communicate with a trusted third party,
 	    the Privacy CA.  The Authenticator can generate
-	    multiple attestation key pairs and asks the Privacy CA to issue an 
+	    multiple attestation key pairs and asks the Privacy CA to issue an
 	    attestation certificate for it. 
-      
    Using this approach, the Authenticator can limit the exposure of the 
+      
    Using this approach, the Authenticator can limit the exposure of the
 	      endorsement key (which is a global correlation handle) to Privacy CA(s).
 	      Attestation keys can be requested for each scoped credential individually. 
    
       
    This concept typically leads to multiple attestation certificates.
@@ -753,12 +752,12 @@ 
    WebAuthn supports DAA using elliptic curve cryptography and bilinear pairings, 
+      
    WebAuthn supports DAA using elliptic curve cryptography and bilinear pairings,
 	      called ECDAA (see [FIDOEcdaaAlgorithm]) in this specification.
    
     
-    
    Compliant servers MUST support all attestation models.  
+    
    Compliant servers MUST support all attestation models.
 	  Authenticators can choose what attestation model to implement. 
    
-    
    Relying parties can always decide what attestation models are acceptable by policy. 
    
+    
    WebAuthn Relying Parties can always decide what attestation models are acceptable by policy. 
    
     
    6.1.2. Contextual Data
    
     
    WebAuthn attestation statements are bound to various contextual data. These data are
 	  observed, and added at different levels of the stack as a signature request
@@ -766,14 +765,13 @@ 
    
 	  server checks these bindings against expected values.
    
     
    These components can be divided into three layers:
    
     
      
-     
    1. The WebAuthn relying party (RP) consists of two subcomponents: an online
+     
    2. The WebAuthn Relying Party (RP) consists of two subcomponents: an online
 	    service and a client-side application. The client-side app may, for
 	    example, be a web application running in a browser, or a native application
 	    that runs directly on the OS platform.
-     
    3. The client platform, which consists of the user’s OS and device used to
-	    host the RP’s client-side app. For web applications, the browser also belongs
-	    to this layer.
-     
    4. The authenticator itself, which provides key generation and key management and
+     
    5. The WebAuthn Client platform, which consists of the user’s OS and device used to
+	    host the RP’s client-side app. The Conforming User Agent belongs to this layer.
+     
    6. The Authenticator itself, which provides key generation and key management and
 	    cryptographic signatures.
     
    
     
    The goals of this design can be summarized as follows. 
    
@@ -792,7 +790,7 @@ 
    
     
     
    
     
     There are two kinds of contextual bindings:
-	  Those added by the RP or the client platform,
+	  Those added by the Relying Party or the client platform,
 	  referred to as client data (see §5 Signature Format)
 	  and those added by the
 	  authenticator, referred to as the attestation data.  The client
@@ -803,35 +801,35 @@ 
    
 	  the hash result to the authenticator. The authenticator attestation statement includes the combination
 	  of this hash, and its own attestation data. 
    
     
    6.1.3. Attestation Raw Data Types
    
-    
     WebAuthn supports pluggable attestation raw data types, i.e., 
-	  ways to serialize the data being attested to by the authenticator.
+    
     WebAuthn supports pluggable attestation raw data types, i.e.,
+	  ways to serialize the data being attested to by the Authenticator.
 	  The reason is to be able to support existing devices like TPMs and other
 	  platform-specific formats. 
    
     
    Each attestation type provides the ability to cryptographically attest to a public key, the
 	  authenticator model, and contextual data to a remote party. 
    
-    
    Attestation raw data types are orthogonal to attestation models, i.e. 
+    
    Attestation raw data types are orthogonal to attestation models, i.e.
 	  attestation raw data types in general are not restricted to a single attestation model. 
    
     
    6.2. Attestation Statement
    
-    
    When an attestation statement is required for an Authenticator, the client
+    
    When an attestation statement is required for an Authenticator, the client
 	needs to ask the Authenticator to generate one. This section describes the
 	attestation statement data structures. Attestation statements
 	can also include some host and other Authenticator information. 
    
     
    The attestation statement consists of
    
     
      
-     
    1. the header object, containing the signing algorithm and 
+     
    2. the header object, containing the signing algorithm and
 	  additional information required to verify the attestation signature. 
      
    3. the core object, containing the attested data.  This object
-	  is a container and can carry multiple, authenticator model specific, 
+	  is a container and can carry multiple, authenticator model specific,
 	  attestation rawData types (see section §6.4 Defined Attestation Raw Data Types). 
      
    4. the signature object.  This object contains the cryptographic
-	  signature computed over the rawData object.  
+	  signature computed over the rawData object. 
 	  The structure of this object depends on the signature algorithm. 
     
    
     
    6.3. Client encoding of attestation statements
    
-    
    The client platform uses an authenticator generated 
-	  attestation signature (signature) and the 
+    
    The client platform uses an authenticator generated
+	  attestation signature (signature) and the
 	  authenticator generated rawData object to construct
-	  the final attestation statement object (which will be returned to the RP). 
+	  the final attestation statement object (which will be returned to the RP).
 	  This attestation statement is encoded as: 
    
 
    interface AttestationStatement#webauthnassertion-attestationstatementReferenced in:4. Web Authentication API {
     readonly    attribute AttestationHeader header;
@@ -844,26 +842,26 @@ 
    Attestation header, including algorithm, (optionally) the claimed AAGUID 
 	    and (optionally) the attestation certificate chain. 
      
    readonly attribute AttestationCore core
-     
    AttestationCore object.  This object includes the attested rawData and 
+     
    AttestationCore object.  This object includes the attested rawData and
 	    its type and version.
      
    readonly attribute DOMString signature
      
    The base64url-encoded attestation signature.  The structure of this 
 	    object depends on the signature algorithm specified in the header. 
     
-    
    This attestation statement is delivered to the RP according to the Client API.
-	  It contains all the information that the RP’s server requires to
+    
    This attestation statement is delivered to the WebAuthn Relying Party according to the Client API.
+	  It contains all the information that the Relying Party’s server requires to
 	  reconstruct the signature base string, as well as to decode and validate
 	  the bindings of both the client- and authenticator data. 
    
     
    6.3.1. AttestationCore
    
     
    Data attested by the Authenticator and description of its structure.
-	Different types of Authenticators might generate different object types 
+	Different types of Authenticators might generate different object types
 	(identified by type and version).
    
 
    interface AttestationCore#webauthnassertion-attestationcoreReferenced in:6.3. Client encoding of attestation statements {
     readonly    attribute DOMString     type;
     readonly    attribute unsigned long version;
     readonly    attribute DOMString     rawData;
     readonly    attribute DOMString     clientData;
-};  
+};
 
    
     
    
      
    readonly attribute DOMString type
@@ -896,12 +894,12 @@ 
    
     
    
      
    readonly attribute DOMString claimedAAGUID
-     
    The claimed Authenticator Attestation GUID (a version 4 GUID, see [RFC4122]).  
-	    This value is used by the WebAuthn Relying Party to 
-	    lookup the trust anchor for verifying this AttestationCore object.  
-	    If the verification succeeds, 
+     
    The claimed Authenticator Attestation GUID (a version 4 GUID, see [RFC4122]).
+	    This value is used by the WebAuthn Relying Party to
+	    lookup the trust anchor for verifying this AttestationCore object.
+	    If the verification succeeds,
 	    the AAGUID related to the trust anchor is trusted.  This field MUST be present, if either no
-	    attestation certificates are used (e.g., DAA) or if the attestation 
+	    attestation certificates are used (e.g., DAA) or if the attestation
 	    certificate doesn’t contain the AAGUID value in an extension. 
      
    readonly attribute DOMString[] x5c
      
    Attestation Certificate and its certificate chain as described
@@ -909,23 +907,21 @@ 
    readonly attribute DOMString alg
      
    
       The name of the algorithm used to generate the attestation signature according to [RFC7518]. 
-      
    See §6.4.1.3 Signature for the signature algorithms 
+      
    See §6.4.1.3 Signature for the signature algorithms
 	      to be implemented by servers.
    
     
    
     
    6.4. Defined Attestation Raw Data Types
    
     
     Attestation Raw Data (rawData) is the to-be-signed object of
 	  the attestation statement. WebAuthn supports pluggable attestation data types.
 	  This allows support of TPM generated attestation data as well as support of
-	  other WebAuthn authenticators. 
    
+	  other WebAuthn authenticators. 
    
     
     The contents of the attestation data must be controlled (i.e., generated or
 	  at least verified) by the authenticator itself. 
    
     
    6.4.1. Packed Attestation
    
     
    Packed attestation is a WebAuthn optimized format of attestation data.  It uses a very compact but
-	  still extensible encoding method.  Encoding this format can even be implemented by authenticators
-	  with very limited resources (e.g., secure elements).
    
+	  still extensible encoding method.  Encoding this format can even be implemented by authenticators with very limited resources (e.g., secure elements).
    
     
    6.4.1.1. Attestation rawData (type="packed")
    
-    
    The attestation data encodes contextual bindings made by the
-	      authenticator itself. Unlike client data, the authenticator data has
+    
    The attestation data encodes contextual bindings made by the authenticator itself. Unlike client data, the authenticator data has
 	      a compact but extensible encoding. This is desired since authenticators can
 	      be devices with limited capabilities and low power requirements, with much
 	      simpler software stacks than the client platform components.
    
@@ -941,7 +937,7 @@ 
    Description
       
        2
-       0xF1D0, fixed big-endian TAG to make sure this object won’t be 
+       0xF1D0, fixed big-endian TAG to make sure this object won’t be
 		  confused with other (non-WebAuth) binary objects.
       
        1
@@ -1001,19 +997,18 @@ 
    Byte length n of clientDataHash 
       
        n
-       clientDataHash (see §6.3.1.1 Client data).  
+       clientDataHash (see §6.3.1.1 Client data).
 		  This is the hash of clientData.  The hash algorithm itself is stored
 		  in the clientData object §5 Signature Format. 
       
        As defined by the extension map
-       Extension-defined authenticator data. This is a CBOR [RFC7049] map with 
-		  extension identifiers as keys, and extension authenticator data values as values. 
-		  See §7 WebAuthn Extensions for a description 
+       Extension-defined authenticator data. This is a CBOR [RFC7049] map with
+		  extension identifiers as keys, and extension authenticator data values as values.
+		  See §7 WebAuthn Extensions for a description
 		  of the extension mechanism.
 		  See §6.4.1.2 Extensions for Packed Attestation rawData for pre-defined extensions. 
     
-    
    The TUP flag SHALL be set if and only if the authenticator
-	      detected a user through an authenticator-specific gesture. The RFU bits in the flags byte SHALL be cleared (i.e., zeroed).
    
+    
    The TUP flag SHALL be set if and only if the authenticator detected a user through an authenticator-specific gesture. The RFU bits in the flags byte SHALL be cleared (i.e., zeroed).
    
     
    If the authenticator does not wish to add extensions, it MUST clear
 	      the ED flag in the third byte.
    
     
    6.4.1.2. Extensions for Packed Attestation rawData
    
@@ -1028,23 +1023,23 @@ 
    Authenticator argument
      
    N/A
      
    Authenticator processing
-     
    This extension is added automatically by the authenticator.  This extension can be added
+     
    This extension is added automatically by the authenticator.  This extension can be added
 		  to attestation statements and signatures. 
      
    Authenticator data
      
    
       A 128-bit Authenticator Attestation GUID encoded as a CBOR text string (major type 3). 
       
    This AAGUID is used to identify the Authenticator model (Authenticator Attestation GUID).
    
       
    
-       
    The authenticator model (identified by the AAGUID) can be derived from 
-			(a) here, or  
+       
    The authenticator model (identified by the AAGUID) can be derived from
+			(a) here, or
 			(b) from the attestation certificate (if we have an authenticator specific
-			or authenticator model specific attestation certificate), 
-			or (c) or from the claimed AAGUID in the client 
-			encoded attestation statement (if we have one attestation root certificate 
+			or authenticator model specific attestation certificate),
+			or (c) or from the claimed AAGUID in the client
+			encoded attestation statement (if we have one attestation root certificate
 			per authenticator model). 
    
-       
    In the case of DAA there is no need for an X.509 
-			attestation certificate hierarchy. 
-			Instead the trust anchor being known to the RP is 
+       
    In the case of DAA there is no need for an X.509
+			attestation certificate hierarchy.
+			Instead the trust anchor being known to the Relying Party is
 			the DAA root key (i.e. ECPoint2 X, Y).  This root key must be dedicated
 			to a single authenticator model. 
    
       
    
@@ -1063,7 +1058,7 @@ 
    6.4.1.2.3. User Verification Index (UVI) Extension
    
@@ -1081,18 +1076,18 @@ 
    Authenticator data
      
    
-      The user verification index (UVI) is a value uniquely identifying 
+      The user verification index (UVI) is a value uniquely identifying
 		  a user verification data record.  The UVI is encoded as CBOR byte string (type 0x58). 
-      
    Each UVI value MUST be specific to the related key (in order to provide unlinkability).  
-		      It also must contain sufficient entropy that makes guessing impractical.  
+      
    Each UVI value MUST be specific to the related key (in order to provide unlinkability).
+		      It also must contain sufficient entropy that makes guessing impractical.
 		      UVI values MUST NOT be reused by the Authenticator (for other biometric data or users). 
    
       
    The UVI data can be used by servers to understand whether an authentication
 		      was authorized by the exact same biometric data as the initial key generation.
 		      This allows the detection and prevention of "friendly fraud". 
    
       
    As an example, the UVI could be computed as SHA256(KeyID | SHA256(rawUVI)),
-		      where the rawUVI reflects (a) the biometric reference data, 
+		      where the rawUVI reflects (a) the biometric reference data,
 		      (b) the related OS level user ID and (c) an identifier which changes whenever a
-		      factory reset is performed for the device, e.g. 
+		      factory reset is performed for the device, e.g.
 		      rawUVI = biometricReferenceData | OSLevelUserID | FactoryResetCounter. 
    
       
    Servers supporting UVI extensions MUST support a length of up to 32 bytes
 		      for the UVI value. 
    
@@ -1114,7 +1109,7 @@ 
    
     
    6.4.1.3. Signature
    
     
    The signature is computed over the base64url-decoded rawData field.
    
-     The following 
+     The following
 	    algorithms must be implemented by servers: 
     
      
      
    1. "ES256" [RFC7518]
@@ -1122,9 +1117,9 @@ 
      [RFC7518]
      
    2. "ED256" [FIDOEcdaaAlgorithm]
     
    
-     Authenticators can choose which algorithm to implement. 
+     Authenticators can choose which algorithm to implement. 
     
    6.4.1.4. Packed attestation statement certificate requirements
    
-    
    In the case of DAA attestation [FIDOEcdaaAlgorithm] no attestation certificate is used. 
    
+    
    In the case of DAA attestation [FIDOEcdaaAlgorithm] no attestation certificate is used. 
    
     
    The attestation certificate MUST have the following
 	      fields/extensions: 
    
     
      
@@ -1142,23 +1137,23 @@ 
      [RFC5280] are both optional as the status of attestation certificates is
 		available through the FIDO Metadata Service [FIDOMetadataService]. 
     
    
     
    6.4.2. TPM Attestation
    
     
    6.4.2.1. Attestation rawData (type="tpm")
    
     
     The value of rawData is the base64url encoding of a binary object.
-	      This binary object is either a
+	            This binary object is either a
               TPM_CERTIFY_INFO or a TPM_CERTIFY_INFO2 structure [TPMv1-2-Part2] sections 11.1 and 11.2, if attestationStatement.core.version equals 1. Else, if attestationStatement.core.version equals 2, it MUST be
               the base64url encoding of a TPMS_ATTEST structure as defined in [TPMv2-Part2] sections 10.12.9. 
    
-    
     The field "extraData" (in the case of TPMS_ATTEST) or the field "data" 
-	      (in the case of TPM_CERTIFY_INFO or TPM_CERTIFY_INFO2) MUST contain 
+    
     The field "extraData" (in the case of TPMS_ATTEST) or the field "data"
+	      (in the case of TPM_CERTIFY_INFO or TPM_CERTIFY_INFO2) MUST contain
 	      the clientDataHash (see [[#signature-format]). 
    
     
    6.4.2.2. Signature
    
     
     If attestationStatement.core.version equals 1, (i.e., for
@@ -1166,7 +1161,7 @@ 
    
     
     If attestationStatement.core.version equals 2, the
               following algorithms can be used by WebAuthn Authenticators: 
    
     
      
-     
    1. TPM_ALG_RSASSA (0x14).  This is the same algorithm RSASSA-PKCS1-v1_5 
+     
    2. TPM_ALG_RSASSA (0x14).  This is the same algorithm RSASSA-PKCS1-v1_5
 		as for version 1 but for use with TPMv2. attestationStatement.header.alg="RS256".
      
    3. TPM_ALG_RSAPSS (0x16); attestationStatement.header.alg="PS256".
      
    4. TPM_ALG_ECDSA (0x18); attestationStatement.header.alg="ES256".
@@ -1174,10 +1169,10 @@ 
      
      
    5. TPM_ALG_SM2 (0x1B); attestationStatement.header.alg="SM256".
     
    
     
    The signature is computed over the base64url-decoded rawData field
    
-    
    See §6.4.1.3 Signature for the signature algorithms 
+    
    See §6.4.1.3 Signature for the signature algorithms
 	      to be implemented by servers. 
    
     
    6.4.2.3. TPM attestation statement certificate requirements
    
-    
    TPM attestation certificate MUST have the following
+    
    TPM attestation certificate MUST have the following
 	      fields/extensions: 
    
     
      
      
    • Version must be set to 3.
@@ -1188,17 +1183,17 @@ 
      The Basic Constraints extension MUST have the CA component set
 		to false 
-     
    • An Authority Information Access (AIA) extension with entry id-ad-ocsp and 
+     
    • An Authority Information Access (AIA) extension with entry id-ad-ocsp and
 		a CRL Distribution Point extension [RFC5280] are both optional as the status of attestation certificates is
 		available through the FIDO Metadata Service [FIDOMetadataService]. 
     
    
     
    6.4.3. Android Attestation
    
-    
     When the Authenticator in question is a platform-provided
+    
     When the Authenticator in question is a platform-provided
        Authenticator on the Android platform, the attestation statement is
        based on the  SafetyNet API. 
    
-    
    Android attestation statement MUST always be used in conjunction with the more 
+    
    Android attestation statement MUST always be used in conjunction with the more
 	  specific AndroidAttestationClientData (see §6.4.3.4 AndroidAttestationClientData)
-	  in order to let the RP App store the public key in the attestation object. 
    
+	  in order to let the Relying Party App store the public key in the attestation object. 
    
     
    6.4.3.1. Attestation rawData (type="android")
    
     
     Android SafetyNet returns a JWS [RFC7515] object (see  SafetyNet online documentation) in Compact
 	    Serialization. A JWS in Compact Serialization consists of three segments
@@ -1218,13 +1213,13 @@ 
    6.4.3.3. Converting SafetyNet response to attestationStatement
    
-    
     The Authenticator and/or platform SHOULD use the steps outlined below to
+    
     The Authenticator and/or platform SHOULD use the steps outlined below to
 	    create an attestationStatement from an Android SafetyNet response. It MAY
 	    use a different algorithm, as long as the results are the same. 
    
     
      
-     
    1. create clientDataJSON with type AndroidAttestationClientData (see below) and 
+     
    2. create clientDataJSON with type AndroidAttestationClientData (see below) and
 	      compute clientData as base64url-encoded clientDataJSON.
-     
    3. provide the clientDataHash computed as the hash value of clientData 
+     
    4. provide the clientDataHash computed as the hash value of clientData
 	      as Nonce value when requesting the SafetyNet attestation.
      
    5. take SafetyNet response snr.  This is a JWS object ([RFC7515]).
      
    6. extract the base64url-encoded Protected Header hdr from snr (see [RFC7515])
@@ -1235,10 +1230,10 @@ 
      base64url-decode hdr into hdr-d
      
    7. set AttestationStatement.header.alg = hdr-d.alg
      
    8. if hdr-d.x5c is present, then set AttestationStatement.header.x5c = hdr-d.x5c
-     
    9.  if hdr-d.x5u is present, then resolve the URL and add the 
+     
    10.  if hdr-d.x5u is present, then resolve the URL and add the
 	      retrieved certificate chain to AttestationStatement.header.x5c 
      
    11. set AttestationStatement.core.type = "android"
-     
    12. set AttestationStatement.core.version to the 
+     
    13. set AttestationStatement.core.version to the
 	      version number of Google Play Services responsible for providing the SafetyNet API
     
    
     
    6.4.3.4. AndroidAttestationClientData
    
@@ -1248,7 +1243,7 @@ 
    isInsideSecureHardware;
              DOMString              userAuthentication;
              unsigned long userAuthenticationValidityDurationSeconds; // optional
-};  
+};
 
    
     
    
      
    JsonWebKey publicKey
@@ -1277,19 +1272,19 @@ 
    makeCredential() call. 
      
  •  Check that the facet and tokenBinding parameters in the AndroidAttestationClientData match the
-		RP App. 
+		Relying Party App. 
      
  •  Check that AndroidAttestationClientData.publicKey is the same key as the one
 		returned in the ScopedCredentialInfo by the makeCredential call. 
      
  •  Check that the hash of the clientDataJSON matches the nonce attribute in the payload of the safetynetResponse JWS. 
      
  •  Check that the ctsProfileMatch attribute in the payload
 		of the safetynetResponse is true. 
-     
  •  Check that the apkPackageName attribute in the payload of the safetynetResponse matches package name of the application calling 
+     
  •  Check that the apkPackageName attribute in the payload of the safetynetResponse matches package name of the application calling
 		SafetyNet API. 
      
  •  Check that the apkDigestSha256 attribute in the
-		payload of the safetynetResponse matches the package hash 
+		payload of the safetynetResponse matches the package hash
 		of the application calling SafetyNet API. 
      
  •  Check that the apkCertificateDigestSha256 attribute in the
-		payload of the safetynetResponse matches the hash of the signing certificate 
+		payload of the safetynetResponse matches the hash of the signing certificate
 		of the application calling SafetyNet API. 
     
     
    6.5. Verifying an Attestation Statement
    
@@ -1302,24 +1297,24 @@ 
    
-       
  • Lookup the attestation root certificate from a trusted source.  
+       
  • Lookup the attestation root certificate from a trusted source.
 		The FIDO Metadata Service [FIDOMetadataService] provides an easy way to access such information.
 		The header.claimedAAGUID can be used for this lookup. 
-       
  • Verify that 
+       
  • Verify that
 		the attestation certificate chain is valid and
 		chains up to a trusted root (following [RFC5280]). 
        
  • Verify that the attestation certificate has the right Extended Key Usage (EKU) based
 		on the WebAuthn Authenticator type (as denoted by the header.type member). In case of a
 		type="tpm", this EKU shall be OID "2.23.133.8.3". 
-       
  • If the attestation type is "android", verify that the attestation certificate is issued 
+       
  • If the attestation type is "android", verify that the attestation certificate is issued
 	          to the hostname "attest.android.com" (see  SafetyNet online documentation). 
        
  • Verify that all issuing CA certificates in the chain are valid
 		and not revoked. 
        
  •  Verify the signature on core.rawData using the
 		attestation certificate public key and algorithm as identified by header.alg. 
-       
  •  Verify core.rawData syntax and that it doesn’t contradict the signing 
+       
  •  Verify core.rawData syntax and that it doesn’t contradict the signing
 		algorithm specified in header.alg. 
-       
  • If the attestation certificate contains an extension with 
+       
  • If the attestation certificate contains an extension with
 		OID 1 3 6 1 4 1 45724 1 1 4 (id-fido-gen-ce-aaguid) verify that the value of this extension matches header.claimedAAGUID.  This identifies the Authenticator model. 
        
  • If such extension doesn’t exist,
 		the attestation root certificate is dedicated to a single Authenticator model. 
@@ -1335,9 +1330,9 @@ 
    §6.3.1.1 Client data). 
-     
  •  Verify that user verification method and other authenticator characteristics 
+     
  •  Verify that user verification method and other authenticator characteristics
 	    related to this authenticator model, match the relying party policy.
 	    The FIDO Metadata Service [FIDOMetadataService] provides an easy way to access the authenticator characteristics. 
     
@@ -1347,10 +1342,10 @@ 
    §6.1.1 Attestation Models), if policy allows it.
-	    If doing so, there is no cryptographic proof that the Scoped Credential 
-	    has been generated by a particular Authenticator model.  
+	    If doing so, there is no cryptographic proof that the Scoped Credential
+	    has been generated by a particular Authenticator model.
 	    See [FIDOSecRef] and [UAFProtocol] for more details on the relevance on attestation. 
     
     
    Verification of attestation statements requires that the relying
@@ -1366,30 +1361,30 @@ 
    
     
      
-     
    • A WebAuthn Authenticator manufacturer may choose to ship all of their devices with
+     
    • A WebAuthn Authenticator manufacturer may choose to ship all of their devices with
 	    the same (or a fixed number of) attestation key(s) (called Full Basic Attestation). This will
 	    anonymize the user at the risk of not being able to revoke a
 	    particular attestation key should its WebAuthn Authenticator be compromised. 
      
    • A WebAuthn Authenticator may be capable of dynamically generating different attestation keys
-	    (and requesting related certificates) per origin (following the Privacy CA model). 
-	    For example, a WebAuthn Authenticator can ship with a master 
+	    (and requesting related certificates) per origin (following the Privacy CA model).
+	    For example, a WebAuthn Authenticator can ship with a master
 	    attestation key (and certificate), and
 	    combined with a cloud operated privacy CA, can dynamically generate per origin
 	    attestation keys and attestation certificates. 
-     
    • A WebAuthn Authenticator can implement direct anonymous 
+     
    • A WebAuthn Authenticator can implement direct anonymous
 	    attestation (see [FIDOEcdaaAlgorithm]).  Using this scheme the authenticator
-	    generates a blinded attestation signature.  This allows the relying party to verify 
-	    the signature using the DAA root key, but the attestation signature doesn’t 
+	    generates a blinded attestation signature.  This allows the relying party to verify
+	    the signature using the DAA root key, but the attestation signature doesn’t
 	    serve as a global correlation handle. 
     
    
     
    6.6.2. Attestation Certificate and Attestation Certificate CA Compromise
    
     
    When an intermediate CA or a root CA used for issuing attestation
-	  certificates is compromised, WebAuthn Authenticator attestation keys are still
+	  certificates is compromised, WebAuthn Authenticator attestation keys are still
 	  safe although their certificates can no longer be trusted. A
 	  WebAuthn Authenticator manufacturer that has recorded the public attestation keys
 	  for their devices can issue new attestation certificates for
 	  these keys from a new intermediate CA or from a new root CA.
-	  If the root CA changes, the relying parties must update their trusted 
+	  If the root CA changes, the relying parties must update their trusted
 	  root certificates accordingly. 
    
     
    A WebAuthn Authenticator attestation certificate must be revoked by the issuing CA
 	  if its key has been compromised. A WebAuthn Authenticator manufacturer may need to
@@ -1415,14 +1410,14 @@ 
    [FIDOMetadataService] provides an easy way to access such information. 
    
     
    6.6.3. Attestation Certificate Hierarchy
    
-    
    A 3 tier hierarchy for attestation certificates is recommended 
-	  (i.e., Attestation Root, Attestation Issuing CA, Attestation Certificate). 
+    
    A 3 tier hierarchy for attestation certificates is recommended
+	  (i.e., Attestation Root, Attestation Issuing CA, Attestation Certificate).
 	  It is also recommended that
 	  for each WebAuthn Authenticator device line (i.e., model), a separate issuing CA is used to help
 	  facilitate isolating problems with a specific version of a device. 
    
-    
    If the attestation root certificate is not dedicated 
+    
    If the attestation root certificate is not dedicated
 	  to a single WebAuthn Authenticator device line (i.e., AAGUID),
-	  the AAGUID must be specified either in the attestation certificate itself or 
+	  the AAGUID must be specified either in the attestation certificate itself or
 	  as an extension in the core.rawData. 
    
     
    7. WebAuthn Extensions
    
     
     The mechanism for generating scoped credentials, as well as requesting and
@@ -1439,7 +1434,7 @@ 
    7
     registration extensions and signature extensions. 
      
  •  Authenticator processing, and the authenticatorData structure, for signature extensions. 
     
-    
     When requesting an assertion for a scoped credential, an RP can list a set
+    
     When requesting an assertion for a scoped credential, an Relying Party can list a set
   of extensions to be used, if they are supported by the client and/or the
   authenticator. It sends the request parameters for each extension in the getAssertion() call (for signature extensions) or makeCredential() call (for registration extensions) to the client
   platform. The client platform performs additional processing for each
@@ -1468,14 +1463,14 @@ 
    
     
    7.3. Extending request parameters
    
-    
     An extension defines two request arguments. The client argument#webauthnassertion-client-argumentReferenced in:7.3. Extending request parameters is passed from the RP to the client in the getAssertion() or makeCredential() call, while the authenticator
+    
     An extension defines two request arguments. The client argument#webauthnassertion-client-argumentReferenced in:7.3. Extending request parameters is passed from the WebAuthn Relying Party to the client in the getAssertion() or makeCredential() call, while the authenticator
     argument is passed from the client to the authenticator during the
     processing of these calls. 
    
     
     Extension definitions MUST specify the valid values for their client
     argument. Clients are free to ignore extensions with an invalid client
     argument. Specifying an authenticator argument is optional, since some
     extensions may only affect client processing. 
    
-    
     An RP simultaneously requests the use of an extension and sets its client
+    
     A WebAuthn Relying Party simultaneously requests the use of an extension and sets its client
     argument by including an entry in the credentialExtensions or assertionExtensions dictionary
     parameters to the makeCredential() or getAssertion() call. The entry key MUST be the extension identifier, and the value
     MUST be the client argument. 
    
@@ -1506,8 +1501,8 @@ 
    <
     
    7.4. Extending client processing
    
     
     Extensions may define additional processing requirements on the client
     platform during the creation of credentials or the generation of an
-    assertion. In order for the RP to verify the processing took place, or if
-    the processing has a result value that the RP needs to be aware of, the
+    assertion. In order for the WebAuthn Relying Party to verify the processing took place, or if
+    the processing has a result value that the Relying Party needs to be aware of, the
     extension should specify a client data value to be included in the ClientData structure. 
    
     
     The value may be any value that can be encoded as a JSON value. If any
     extension processed by a client defines such a value, the client SHOULD
@@ -1530,8 +1525,8 @@ 
    
     
     The extension identifier is chosen as com.example.webauthn.geo.
     The client argument is the constant value true, since the
-    extension does not require the RP to pass any particular information to the
-    client, other than that it requests the use of the extension. The RP sets
+    extension does not require the WebAuthn Relying Party to pass any particular information to the
+    client, other than that it requests the use of the extension. The Relying Party sets
     this value in its request for an assertion: 
    
 
    var assertionPromise =
     credentials.getAssertion("SGFuIFNvbG8gc2hvdCBmaXJzdC4",
@@ -1626,7 +1621,7 @@ 
    typedef sequence < AAGUID > AuthenticatorSelectionList#typedefdef-webauthnassertion-authenticatorselectionlistReferenced in:8.2. Authenticator Selection Extension;
 
    
       
    Each AAGUID corresponds to an authenticator attestation that is
-      acceptable to the RP for this credential creation. The list is ordered by
+      acceptable to the Relying Party for this credential creation. The list is ordered by
       decreasing preference.
    
       
    An AAGUID is defined as a DOMString, and is the globally unique identifier
       of the authenticator attestation being sought.
    
@@ -1755,7 +1750,7 @@ 
    10. Sample scenarios
    
     
    This section is not normative.
    
     
    In this section, we walk through some events in the lifecycle of a scoped credential, along with the corresponding sample code for using this API. Note that this is an example flow, and does not limit the scope of how the API can be used.
    
-    
    As was the case in earlier sections, this flow focuses on a use case involving an external first-factor authenticator with its own display. One example of such an authenticator would be a smart phone. Other authenticator types are also supported by this API, subject to implementation by the platform. For instance, this flow also works without modification for the case of an authenticator that is embedded in the client platform. The flow also works for the case of an external authenticator without its own display (similar to a smart card) subject to specific implementation considerations. Specifically, the client platform needs to display any prompts that would otherwise be shown by the authenticator, and the authenticator needs to allow the client platform to enumerate all the authenticator’s credentials so that the client can have information to show appropriate prompts.
    
+    
    As was the case in earlier sections, this flow focuses on a use case involving an external first-factor authenticator with its own display. One example of such an authenticator would be a smart phone. Other authenticator types are also supported by this API, subject to implementation by the platform. For instance, this flow also works without modification for the case of an authenticator that is embedded in the client platform. The flow also works for the case of an external authenticator without its own display (similar to a smart card) subject to specific implementation considerations. Specifically, the client platform needs to display any prompts that would otherwise be shown by the authenticator, and the authenticator needs to allow the client platform to enumerate all the authenticator’s credentials so that the client can have information to show appropriate prompts.
    
     
    10.1. Registration
    
     
    This is the first time flow, when a new credential is created and registered with the server. 
    
     
      
@@ -1764,17 +1759,17 @@ 
      The client platform searches for and locates the external authenticator.
      
    1. The client platform connects to the external authenticator, performing any pairing actions if necessary.
      
    2. The external authenticator shows appropriate UI for the user to select the authenticator on which the new credential will be created, and obtains a biometric or other authorization gesture from the user.
-     
    3. The external authenticator returns a response to the client platform, which in turn returns a response to the RP script. If the user declined to select an authenticator or provide authorization, an appropriate error is returned.
+     
    4. The external authenticator returns a response to the client platform, which in turn returns a response to the Relying Party script. If the user declined to select an authenticator or provide authorization, an appropriate error is returned.
      
    5. 
       If a new credential was created, 
       
        
-       
      1. The RP script sends the newly generated public key to the server, along with additional information about public key such as attestation that it is held in trusted hardware.
+       
      2. The Relying Party script sends the newly generated public key to the server, along with additional information about public key such as attestation that it is held in trusted hardware.
        
      3. The server stores the public key in its database and associates it with the user as well as with the strength of authentication indicated by attestation, also storing a friendly name for later use.
        
      4. The script may store data such as the credential ID in local storage, to improve future UX by narrowing the choice of credential for the user.
       
      
     
    
     
    The sample code for generating and registering a new key follows:
    
-
    var webauthnAPI = window.webauthn;
+
    var webauthnAPI = window.webauthn;
 
 if (!webauthnAPI) { /* Platform not capable. Handle error. */ }
 
@@ -1786,7 +1781,7 @@ 
    
      
  • The user visits example.com, which serves up a script.
      
  • The script asks the client platform for a WebAuthn identity assertion, providing as much information as possible to narrow the choice of acceptable credentials for the user. This may be obtained from the data that was stored locally after registration, or by other means such as prompting the user for a username.
-     
  • The Relying Party script runs one of the code snippets below.
+     
  • The WebAuthn Relying Party script runs one of the code snippets below.
      
  • The client platform searches for and locates the external authenticator.
      
  • The client platform connects to the external authenticator, performing any pairing actions if necessary.
-     
  • The external authenticator presents the user with a notification that their attention is required. On opening the notification, the user is shown a friendly selection menu of acceptable credentials using the account information provided when creating the credentials, along with some information on the origin that is requesting these keys.
+     
  • The external authenticator presents the user with a notification that their attention is required. On opening the notification, the user is shown a friendly selection menu of acceptable credentials using the account information provided when creating the credentials, along with some information on the origin that is requesting these keys.
      
  • The authenticator obtains a biometric or other authorization gesture from the user.
-     
  • The external authenticator returns a response to the client platform, which in turn returns a response to the RP script. If the user declined to select a credential or provide an authorization, an appropriate error is returned.
+     
  • The external authenticator returns a response to the client platform, which in turn returns a response to the Relying Party script. If the user declined to select a credential or provide an authorization, an appropriate error is returned.
      
  • 
       If an assertion was successfully generated and returned, 
       
      
@@ -1883,7 +1878,7 @@ 
      User goes to server.example.net, authenticates and follows a link to report a lost/stolen device.
        
    1. Server returns a page showing the list of registered credentials with friendly names as configured during registration.
        
    2. User selects a credential and the server deletes it from its database.
-       
    3. In future, Relying Party script does not specify this credential in any list of acceptable credentials, and assertions signed by this credential are rejected.
+       
    4. In future, the WebAuthn Relying Partya> script does not specify this credential in any list of acceptable credentials, and assertions signed by this credential are rejected.
       
      
    5. 
        Possibility #2 — server deregisters the credential due to inactivity. 
@@ -1899,7 +1894,38 @@ 
      Sometime later, the server deregisters this credential due to inactivity.
       
     
-    
      11. Acknowledgements
      
+    
      11. Terminology
      
+    
      
+     
      
+      
      Attestation Certificate#webauthnassertion-attestation-certificateReferenced in:6.4.1.4. Packed attestation statement certificate requirements6.4.2.3. TPM attestation statement certificate requirements
      
+     
      
+      
      A X.509 Certificate for a keypair used by an Authenticator to attest to its manufacture and capabilities.
      
+     
      
+      
      Authenticator#webauthnassertion-authenticatorReferenced in:1. Use Cases3. WebAuthn Authenticator model5. Signature Format5.2. Authenticator data5.3. Generating a signature5.4. Client encoding of assertions6.1.2. Contextual Data6.1.3. Attestation Raw Data Types6.2. Attestation Statement6.4. Defined Attestation Raw Data Types6.4.1. Packed Attestation6.4.1.1. Attestation rawData (type="packed") (2)6.4.1.2.1. AAGUID Extension6.4.1.3. Signature6.4.3. Android Attestation6.4.3.3. Converting SafetyNet response to attestationStatement6.6.1. Privacy6.6.2. Attestation Certificate and Attestation Certificate CA Compromise10. Sample scenarios11. Terminology (2)
      
+     
      
+      
      The device used by the user agent to authenticate with the Relying Party. These can be Embedded Authenticators or External Authenticators.
      
+     
      
+      
      Client
      
+     
      
+      
      WebAuthn Client#webauthnassertion-webauthn-clientReferenced in:5. Signature Format6.1.2. Contextual Data
      
+     
      
+      
      See Conforming User Agent.
      
+     
      
+      
      Conforming User Agent#webauthnassertion-conforming-user-agentReferenced in:2. Conformance6.1.2. Contextual Data11. Terminology
      
+     
      
+      
      A user agent which implements algorithms given in this specification, and handles communication between the Authenticator and the WebAuthn Relying Party.
      
+     
      
+      
      eTLD+1#webauthnassertion-etld1Referenced in:4.1.1. Create a new credential (makeCredential() method)4.1.2. Use an existing credential (getAssertion() method)
      
+     
      
+      
      The effective top-level domain, plus the first label. Also known as a Registered Domain. See https://publicsuffix.org/.
      
+     
      
+      
      Relying Party
      
+     
      
+      
      WebAuthn Relying Party#webauthnassertion-webauthn-relying-partyReferenced in:1. Use Cases3. WebAuthn Authenticator model4.1.1. Create a new credential (makeCredential() method)4.2. ScopedCredentialInfo Interface4.3. User Account Information (dictionary Account)4.5.6. Key Attestation Statement (interface AttestationStatement)5. Signature Format5.4. Client encoding of assertions6.1.2. Contextual Data6.3. Client encoding of attestation statements6.3.2. AttestationHeader7.3. Extending request parameters7.4. Extending client processing7.6. Example extension10.2. Authentication10.3. Decommissioning11. Terminology
      
+     
      
+      
      The entity which needs to rely in the authentication provided by the WebAuthn specification. At the conclusion of the account creation, the Relying Party has the public key that was created by the Authenticator.
      
+    
      
+    
      12. Acknowledgements
      
     
      We would like to thank the following for their contributions to, and thorough review of, this specification: Jing Jin, Michael B. Jones, Rolf Lindemann.

    • @@ -1933,6 +1959,7 @@

    attribute for ScopedCredentialInfo, in §4
  • dfn for ScopedCredentialInfo, in §4.2 +
  • Attestation Certificate, in §11
  • attestationChallenge, in §4.1.1
  • AttestationCore, in §6.3.1
  • attestation data, in §6.1.2 @@ -1943,6 +1970,7 @@

    definition of, in §4.5.6
  • interface for WebAuthnAssertion, in §6.3 +
  • Authenticator, in §11
  • authenticator argument, in §7.3
  • authenticatorCancel, in §3.3 @@ -1964,6 +1992,7 @@

    attribute for AttestationHeader, in §6.3.2
  • dfn for AttestationHeader, in §6.3.2 +
  • Client, in §11
  • client argument, in §7.3
  • clientData @@ -1981,7 +2010,7 @@

    ClientData, in §5.1
  • clientDataJSON, in §5.1 -
  • conforming user agent, in §2 +
  • Conforming User Agent, in §11
  • content, in §8.1
  • contentType, in §8.1
  • @@ -2011,6 +2040,7 @@

    DOMException, in §2.1
  • Embedded authenticators, in §1 +
  • eTLD+1, in §11
  • extensions +
  • Relying Party, in §11 +
  • Relying Party Identifier, in §3
  • rpDisplayName