Remove authenticatorDisplayName from L3

[timcappalli]

Discussed at TPAC as well as the 2024-10-23 call.

• Remove authenticatorDisplayName from credProps for Level 3
• Address the use case in Level 4 via Add AAGUID to credProps #2157

Relevant Issues and PRs:

• Add [credential record/authenticatorDisplayName] handling to RP operations #2163
• Add authenticatorDisplayName to credProps #1880
• Add authenticatorDisplayName to Step 27 and Step 23 of the registration and authentication ceremonies respectively #2156
• Disambiguate "this value" in authenticatorDisplayName description #2005

[emlun]

2024-10-30 WG call: We've been talking about keeping credential record/authenticatorDisplayName even after deleting credProps.authenticatorDisplayName, with the motivation that it's good practice to have some kind of "nickname" for credentials. On the call it was pointed out that this is a bit odd, as this is not necessary for the protocol to work, so it seems strange to specify it so explicitly - if anything, an informative note should suffice. @emlun to open a PR to drop credential record/authenticatorDisplayName to see what the WG thinks (the 2024-10-30 call had low attendance).

[zacknewman]

On the call it was pointed out that this is a bit odd, as this is not necessary for the protocol to work, so it seems strange to specify it so explicitly - if anything, an informative note should suffice.

To be fair, it's listed in the OPTIONAL items section; so I don't think it's "odd" at all. That same argument would suggest that the other OPTIONAL items should be removed too since they are also "not necessary for the protocol to work" in terms of storing the data. One would have to add another condition like "the data must already exist in some way" (e.g., attestationObject) or is necessary for the protocol to work.

If it's retained, then a decision would have to be made on whether it's dynamic or not. Currently in the authentication section it's allowed to change but only via the credProps extension which will no longer have it. Either that will have to be changed to reference some unnamed way for an RP to change it or it's a static value only set during registration.

[emlun]

Currently in the authentication section it's allowed to change but only via the credProps extension which will no longer have it.

Hm. That step was never intended to imply that it is the only allowed way to change a credential nickname. This suggests even more strongly to me that we should just delete credential record/authenticatorDisplayName altogether, and if anything just hint vaguely at the idea of allowing users to set a credential nickname.

[zacknewman]

I think that was more of an oversight as the registration ceremony only mentions credProps as a possible additional mechanism to set authenticatorDisplayName. The authentication section should have been written similarly. Regardless, I don't care enough about this; so if people want it removed, then so be it.