Merge pull request #1880 from w3c/credProps-displayNames
Add authenticatorDisplayName to credProps
emlun authored Oct 11, 2023
2 parents 14eca3a + 8dd7190 commit 28d90b2
Showing 1 changed file with 30 additions and 3 deletions.
33 changes: 30 additions & 3 deletions index.bs
Expand Up @@ -1181,6 +1181,17 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
when the [=public key credential source=] was [=registration|registered=].
Storing this in combination with the above [$credential record/attestationObject$] [=struct/item=]
enables the [=[RP]=] to re-verify the [=attestation signature=] at a later time.

: <dfn>authenticatorDisplayName</dfn>
:: A [=human palatability|human-palatable=] description of the [=public key credential source=].

If used, the [=[RP]=] SHOULD use this to describe the [=credential record=] in the user's account settings.
The [=[RP]=] SHOULD allow the user to choose this value, and MAY allow the user to modify it at will.

The [=credProps|Credential Properties Extension=] defines the [=credential property=]
{{CredentialPropertiesOutput/authenticatorDisplayName}}
which, when available, MAY be offered as a default for this value.
The [=[RP]=] MAY also derive a default value from the authenticator's [=attestation statement=], if any.
</dl>

[=WebAuthn extensions=] MAY define additional [=struct/items=] needed to process the extension.
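Review bot: The new authenticatorDisplayName item tells the RP to show this value in the user's account settings and allows its default to come from the credProps client extension output or from the attestation statement, but it gives no guidance on how the RP should handle the string. Suggest adding a sentence that the RP treats it as untrusted display text: apply output encoding wherever it is rendered and enforce an RP-side length limit before storing it in the credential record. It would also help to say which part of the attestation statement a default may be derived from, since "if any" leaves that entirely to each implementation.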
Expand Down Expand Up @@ -6768,9 +6779,6 @@ During a transition from the FIDO U2F JavaScript API, a [=[RP]=] may have a popu

This [=client extension|client=] [=registration extension=] facilitates reporting certain [=credential properties=] known by the [=client=] to the requesting [=[WRP]=] upon creation of a [=public key credential source=] as a result of a [=registration ceremony=].

At this time, one [=credential property=] is defined: the [=resident key credential property=]
(i.e., [=client-side discoverable credential property=]).

: Extension identifier
:: `credProps`

Expand All @@ -6794,6 +6802,7 @@ At this time, one [=credential property=] is defined: the [=resident key credent
<xmp class="idl">
dictionary CredentialPropertiesOutput {
boolean rk;
USVString authenticatorDisplayName;
};

partial dictionary AuthenticationExtensionsClientOutputs {
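Review bot: `USVString authenticatorDisplayName;` is added with no stated maximum length, and nothing in the visible dictionary definition bounds it. Suggest specifying a size limit or truncation rule for clients, so that RPs can size storage and reject oversized values consistently.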
Expand All @@ -6812,6 +6821,24 @@ At this time, one [=credential property=] is defined: the [=resident key credent
If {{rk}} is not present, it is not known whether the credential is a [=discoverable credential=] or a [=server-side credential=].

Note: some [=authenticators=] create [=discoverable credentials=] even when not requested by the [=client platform=]. Because of this, [=client platforms=] may be forced to omit the {{rk}} property because they lack the assurance to be able to set it to [FALSE]. [=[RPS]=] should assume that, if the `credProps` extension is supported, then [=client platforms=] will endeavour to populate the {{rk}} property. Therefore a missing {{rk}} indicates that the created credential is most likely a [=non-discoverable credential=].

: <dfn>authenticatorDisplayName</dfn>
:: This OPTIONAL property is a [=human palatability|human-palatable=] description of the credential's [=managing authenticator=],
chosen by the user.

The [=client=] MUST allow the user to choose this value,
MAY or MAY not present that choice during [=registration ceremonies=],
and MAY reuse the same value for multiple credentials with the same [=managing authenticator=] across multiple [=[RPS]=].

The [=client=] MAY query the [=authenticator=], by some unspecified mechanism, for this value.
The [=authenticator=] MAY allow the user to configure the response to such a query.
The [=authenticator=] vendor MAY provide a default response to such a query.
The [=client=] MAY consider a user-configured response chosen by the user,
and SHOULD allow the user to modify a vendor-provided default response.

If the [=[RP]=] includes an <code>[$credential record/authenticatorDisplayName$]</code> [=struct/item=] in [=credential records=],
the [=[RP]=] MAY offer this value, if present,
as a default value for the <code>[$credential record/authenticatorDisplayName$]</code> of the new [=credential record=].
</div>
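Review bot: "MAY reuse the same value for multiple credentials with the same managing authenticator across multiple RPs" turns a user-chosen string into a value that different RPs can compare, which is a cross-RP correlation signal; this paragraph should carry a privacy note, or limit reuse to vendor-provided defaults. Separately, "MAY or MAY not present that choice" is not a defined requirement keyword; "MAY present that choice" says the same thing. The sentence "The client MAY consider a user-configured response chosen by the user" is hard to parse and could read "MAY treat a user-configured response as chosen by the user".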

