Emil Lundberg

For RP logos I think it's much more likely that RPs will sett `rp.icon` to a dynamic `https:` URL rather than a static `data:` URL since you can't fit much...

> fetching URL from the remote source (https) happens at the time of registration once and then such fetched icon is stored in the authenticator That behaviour is not mandated...

@ptman If you create a new credential with the same `rp.id` and `user.id` it will overwrite the existing one in authenticator storage, but you'll get a new credential ID and...

Closing as superseded by #1779, let's continue any further discussion there.

Removed from OP: ``` - client - client device - client platform Device - computing device - user's computing device - see also 'client device' platform-specific // i.e., the term...

Ticked items: - external authenticator (to be defined in conjunction with roaming authnr) - first factor - as in "first-factor authenticator" aka one that is actually multi-factor because it is...

Added to OP: - user See #1162

> user presence and interaction is a really core part of how these devices work Yes and no. At least CTAP2 actually can perform `getAssertion` without user presence (also called...

Initial post prompted by [this comment](https://github.com/w3c/webauthn/issues/1565#issuecomment-875230640) in #1565.

Agreed. I don't expect to fully de-duplicate all of the above terms, but maybe at least reduce the frequency of some of the duplicates and keep them more contained around...