Clarify distinction between PublicKeyCredentialUserEntity name and displayName

index.bs

@@ -2784,7 +2784,7 @@ Note: Invoking this method from a [=browsing context=] where the [=Web Authentic
 <div link-for-hint="WebAuthentication/isPasskeyPlatformAuthenticatorAvailable">
 
 [=[WRPS]=] use this method to determine whether they can create a new [=passkey=] using a [=user-verifying platform authenticator=] or a {{AuthenticatorTransport/hybrid}} authenticator.
-Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the 
+Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the
 availability of {{AuthenticatorTransport/hybrid}} transport.
 If one or both are discovered, the promise is resolved with the value of [TRUE].
 If neither is discovered, the promise is resolved with the value of [FALSE].
@@ -3183,10 +3183,14 @@ associated with or [=scoped=] to, respectively.
                 on {{PublicKeyCredentialEntity/name}}'s value prior to displaying the value to the user or
                 including the value as a parameter of the [=authenticatorMakeCredential=] operation.
 
-          - When inherited by {{PublicKeyCredentialUserEntity}}, it is a [=human palatability|human-palatable=] identifier for a
-            [=user account=]. It is intended only for display, i.e., aiding the user in determining the difference between user
-            accounts with similar {{PublicKeyCredentialUserEntity/displayName}}s. For example, "alexm", "alex.mueller@example.com"
-            or "+14255551234".
+          - When inherited by {{PublicKeyCredentialUserEntity}}, it is a
+            [=human palatability|human-palatable=] identifier for a [=user account=]. This
+            identifier is the primary value displayed to users by [=Clients=] to help users
+            understand with which [=user account=] a credential is associated.
+
+            Examples of suitable values for this identifier include, "alexm", "+14255551234",
+            "alex.mueller@example.com", "alex.mueller@example.com (prod-env)",
+            or "alex.mueller@example.com (ОАО Примертех)".
 
               - The [=[RP]=] MAY let the user choose this value. The [=[RP]=] SHOULD perform enforcement,
                 as prescribed in Section 3.4.3 of [[!RFC8265]] for the UsernameCasePreserved Profile of the PRECIS
@@ -3254,8 +3258,12 @@ credential.
         with more than one [=user account=] at the [=[RP]=].
 
     :   <dfn>displayName</dfn>
-    ::  A [=human palatability|human-palatable=] name for the [=user account=], intended only for display. For example, "Alex Müller" or "田中倫". The
-        [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.
+    ::  A [=human palatability|human-palatable=] name for the [=user account=], intended only for
+        display. The [=[RP]=] SHOULD let the user choose this, and SHOULD NOT restrict the choice
+        more than necessary. If no suitable or [=human palatability|human-palatable=] name is
+        available, the [=[RP]=] SHOULD set this value to an empty string.
+
+        Examples of suitable values for this identifier include, "Alex Müller", "Alex Müller (ACME Co.)" or "田中倫".
 
         - [=[RPS]=] SHOULD perform enforcement, as prescribed in Section 2.3 of
             [[!RFC8266]] for the Nickname Profile of the PRECIS FreeformClass [[!RFC8264]],