From 7687a40fe85e7c69e1509cadae170c3a9e8baa3d Mon Sep 17 00:00:00 2001 From: Nina Satragno Date: Wed, 14 Aug 2024 16:26:01 -0400 Subject: [PATCH] Apply suggestions from code review Co-authored-by: Tim Cappalli --- index.bs | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/index.bs b/index.bs index 652a6e534..0e61497b8 100644 --- a/index.bs +++ b/index.bs @@ -3068,11 +3068,11 @@ value and terminate the operation. }; -[=[WRPS]=] may use these signal methods to signal [=authenticators=] -the state of [=public key credentials=], so that incorrect or revoked +[=[WRPS]=] may use these signal methods to inform [=authenticators=] +of the state of [=public key credentials=], so that incorrect or revoked credentials may be updated, removed, or hidden. [=Clients=] provide this functionality opportunistically, since an authenticator may not support updating -its [=credentials map=] or it may not be attached at the time the request is +its [=credentials map=] or may not be attached at the time the request is made. Furthermore, in order to avoid revealing information about a user's credentials without [=user consent=], [=signal methods=] do not indicate whether the operation succeeded. A successfully resolved promise only means that the 
@@ -3090,10 +3090,10 @@ In cases where an [=authenticator=] does not have the capability to process an infrastructure such as [[!FIDO-CTAP]]'s `authenticatorCredentialManagement` command to achieve an equivalent effect. -Note: [=Signal methods=] intentionally do not wait for the [=authenticators=] to -finish executing the [=signal method/authenticator actions=] to protect users +Note: [=Signal methods=] intentionally avoid waiting for [=authenticators=] to +complete executing the [=signal method/authenticator actions=]. This measure protects users from [=[WRPS]=] gaining information about availability of their credentials -without [=user consent=] from the timing of the request. +without [=user consent=] based on the timing of the request. #### Asynchronous RP ID validation algorithm #### {#sctn-signal-methods-async-rp-id-validation} @@ -3120,9 +3120,8 @@ and returns a promise that rejects if the validation fails. The steps are: #### {{PublicKeyCredential/signalUnknownCredential(options)}} #### {#sctn-signalUnknownCredential} -Signals that a [=credential id=] was not recognized by the [=[WRP]=], e.g. -because it was deleted by the user. Unlike -{{PublicKeyCredential/signalAllAcceptedCredentials(options)}}, this +The {{PublicKeyCredential/signalUnknownCredential(options)|signalUnknownCredential}} method signals that a [=credential id=] was not recognized by the [=[WRP]=], +e.g. because it was deleted by the user. Unlike {{PublicKeyCredential/signalAllAcceptedCredentials(options)}}, this method does not require passing the entire list of accepted [=credential IDs=] and the [=userHandle=], avoiding a privacy leak to an unauthenticated caller (see [[#sctn-credential-id-privacy-leak]]). 
@@ -3264,15 +3263,15 @@ ID=] were accidentally omitted, the [=relying party=] should immediately include it in {{PublicKeyCredential/signalAllAcceptedCredentials(options)}} as soon as possible to "unhide" it, if supported by the [=authenticator=]. -Note: [=Authenticators=] should prefer hiding [=public key credentials=] instead +Note: [=Authenticators=] should prefer hiding [=public key credentials=] for a period of time instead of permanently removing them whenever possible to aid recovery if a [=[WRP]=] accidentally omits valid [=credential IDs=] from {{AllAcceptedCredentialsOptions/allAcceptedCredentialIds}}. #### {{PublicKeyCredential/signalCurrentUserDetails(options)}} #### {#sctn-signalCurrentUserDetails} -Signals the user's current {{PublicKeyCredentialEntity/name}} and -{{PublicKeyCredentialUserEntity/displayName}}. +The {{PublicKeyCredential/signalCurrentUserDetails(options)|signalCurrentUserDetails}} method signals the user's +current {{PublicKeyCredentialEntity/name}} and {{PublicKeyCredentialUserEntity/displayName}}. Upon invocation of {{PublicKeyCredential/signalCurrentUserDetails(options)}}, the [=client=] executes these steps:
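Review bot: In the @@ -3068 hunk, the reworded first line still leaves "these signal methods" as plain text, while the same paragraph later writes [=signal methods=]. Link the first mention as well, so the term resolves to its definition where the paragraph introduces it. The lower-case "may" in "may be updated, removed, or hidden" also reads like a permission keyword. If it only describes what can happen on the authenticator, "can be updated, removed, or hidden" avoids that reading.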
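Review bot: In the @@ -3090 hunk, "without [=user consent=] based on the timing of the request" attaches the timing clause to the consent rather than to how the information is gained. Move it next to the verb, for example "protects users from [=[WRPS]=] using the timing of the request to learn about the availability of their credentials without [=user consent=]". "complete executing" is awkward; "finish executing" or "to complete the [=signal method/authenticator actions=]" reads better. The added line ending "This measure protects users" is also longer than the lines around it. Since this Note is the only visible statement of the timing protection, check that the client steps state the not-waiting behaviour normatively and the Note only explains it.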
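Review bot: In the @@ -3120 hunk, both added lines run well past the wrap width of the unchanged lines that follow ("method does not require passing the entire list of accepted [=credential IDs=]"). Rewrap them so later diffs of this paragraph stay small. The paragraph also mixes "[=credential id=]" in the first sentence with "[=credential IDs=]" two lines later, so pick one casing. The first method name now uses the short display text "|signalUnknownCredential" while {{PublicKeyCredential/signalAllAcceptedCredentials(options)}} in the next sentence does not, so the two names will render in different styles side by side.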
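Review bot: In the @@ -3264 hunk, "for a period of time" in the Note gives authenticator implementers no bound and does not say what is expected once the period ends. Either say that the duration is authenticator-defined, or give guidance on it, since the stated purpose is recovery after a [=[WRP]=] accidentally omits valid [=credential IDs=]. The inserted phrase also splits "hiding" from "instead of permanently removing them". Something like "should prefer hiding [=public key credentials=], at least for a period of time, over permanently removing them" keeps the comparison together. The added lines here, including the new signalCurrentUserDetails sentence, are longer than the surrounding wrapped lines and should be rewrapped.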