
Minor cleanups from PR 1270 review

Open emlun opened this issue 5 years ago • 4 comments

Unresolved discussions from https://github.com/w3c/webauthn/pull/1270#pullrequestreview-283764559 :

  • https://github.com/w3c/webauthn/pull/1270#discussion_r320888115

    @equalsJeffH: I'm thinking we ought to formalize the term "re-authentication" ( "re-auth" for short -- see also issue #334) and use it instead of "repeated [=authentication=]"

  • https://github.com/w3c/webauthn/pull/1270#discussion_r320890039

    @equalsJeffH: for "authn on device for first time" -- #334 uses term "bootstrap" (goog folks r partial to that term) some folks use the term "introduction" for it... @emlun: I feel like that would require a proper definition of "bootstrap", and I'm not sure we'd use the term enough for it to be worth it. What do you think?

  • https://github.com/w3c/webauthn/pull/1270#discussion_r320890970

    @equalsJeffH: I wonder about this term "first-factor" and whether we ought to really be using "multi-factor" instead...

  • https://github.com/w3c/webauthn/pull/1270#discussion_r320897736

    @equalsJeffH: s/ time / time (i.e., "bootstrapping" the [=client device=]) / ...?

emlun, Sep 04 '19 19:09

this is a very minor nice-to-have issue, can be addressed in a milestone later than wd-03 or not at all.

equalsJeffH, Jul 01 '20 17:07

@emlun To look to see if this is still in play

nadalin, Sep 30 '20 19:09

Okay, here goes... :slightly_smiling_face:

@equalsJeffH: I'm thinking we ought to formalize the term "re-authentication" ( "re-auth" for short -- see also issue #334) and use it instead of "repeated [=authentication=]"

I'm not sure it's worth introducing a formal term for this, I think it's clear enough without it.

@equalsJeffH: for "authn on device for first time" -- #334 uses term "bootstrap" (goog folks r partial to that term) some folks use the term "introduction" for it... @emlun: I feel like that would require a proper definition of "bootstrap", and I'm not sure we'd use the term enough for it to be worth it. What do you think?

Same here, I think "first time" is clear enough without needing to introduce a formal term.

@equalsJeffH: I wonder about this term "first-factor" and whether we ought to really be using "multi-factor" instead...

This one I think might still be relevant. "Multi-factor" would technically be more accurate, but on the other hand "first-factor" highlights that it can be used as the first step of an authentication procedure. I'm not sure if there's one that's clearly "better" than the other.

@equalsJeffH: s/ time / time (i.e., "bootstrapping" the [=client device=]) / ...?

This seems unnecessary to me as it doesn't really say anything new. Maybe if we were using "bootstrap" elsewhere in the spec, to tie them together, but we currently don't.

@equalsJeffH thoughts on that?

emlun, Oct 07 '20 13:10

thx for your thoughts @emlun, ISTM this is a nice-to-have and puntable to a later spec version, or not at all.

equalsJeffH, Oct 13 '20 23:10