refine extension terminology

[equalsJeffH]

the spec presently does not define appropriate terms for naming the different subclasses of extensions. some possible terms:

• authenticator-produced extension
• webauthn relying party-requested extension
• assertion extension (nee signature extension)
• attestation extension
• client extension

[vijaybh]

Jeff, do you agree that fixing #131 would fix this issue, now that we don't have unprompted extensions any more?

[equalsJeffH]

hm... I don't think #131 will address this issue in its entirety because there are undefined terms re extensions other than "registration extension" and "authentication extension". Even given unprompted extensions having gone away ( upon merge of PR #130 ), we still arguably have notions of...

• client+authnr-processed extension
• client-processed extension
• authnr-processed extension

..it seems, though I haven't gone thru the spec here to see if such terms would actually be used. I'm thinking we ought to polish-up the extensions language througout sections https://w3c.github.io/webauthn/#extensions and https://w3c.github.io/webauthn/#extension-predef, see what terms are necessary to explain things and go from there.. ?

[vijaybh]

Sure, let's do that as part of our editorial polishing.

[selfissued]

I agree that the extensions language does not yet clearly enough differentiate the three cases. In too many places, the language assumes processing by both the client and the authenticator, when only one may be required.

[selfissued]

PR #389 added defined terms for all of these things (and more). See [=registration extension=], [=authentication extension=], [=client extension=], and [=authenticator extension=], for starters.