Add [credential record/authenticatorDisplayName] handling to RP opera…

…tions

index.bs

@@ -1187,7 +1187,7 @@ BCP 14 [[!RFC2119]] [[!RFC8174]] when, and only when, they appear in all capital
             The [=credProps|Credential Properties Extension=] defines the [=credential property=]
             {{CredentialPropertiesOutput/authenticatorDisplayName}}
             which, when available, MAY be offered as a default for this value.
-            The [=[RP]=] MAY also derive a default value from the authenticator's [=attestation statement=], if any.
+            The [=[RP]=] MAY alternatively derive a default value from the authenticator's [=attestation statement=], if any.
     </dl>
 
     [=WebAuthn extensions=] MAY define additional [=struct/items=] needed to process the extension.
@@ -6076,6 +6076,14 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
 
             :   [$credential record/attestationClientDataJSON$]
             ::  <code>|response|.{{AuthenticatorResponse/clientDataJSON}}</code>.
+
+            :   [$credential record/authenticatorDisplayName$]
+            ::  A [=human-palatable=] description of the [=public key credential source=].
+                This SHOULD be chosen by the user.
+
+                If <code>|clientExtensionResults|.{{AuthenticationExtensionsClientOutputs/credProps}}.{{CredentialPropertiesOutput/authenticatorDisplayName}}</code> is present,
+                then its value MAY be offered as a default for this value.
+                The [=[RP]=] MAY alternatively derive a default value from the authenticator's [=attestation statement=], if any.
         </dl>
     </li>
 
@@ -6260,6 +6268,11 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
                 update it to the value of the [=authData/flags/UV=] bit in the [=flags=] in |authData|.
                 This change SHOULD require authorization by an additional [=authentication factor=] equivalent to WebAuthn [=user verification=];
                 if not authorized, skip this step.
+            1. If <code>|credentialRecord|.[$credential record/authenticatorDisplayName$]</code> is used,
+                and <code>|clientExtensionResults|.{{AuthenticationExtensionsClientOutputs/credProps}}.{{CredentialPropertiesOutput/authenticatorDisplayName}}</code>
+                is present and not equal to <code>|credentialRecord|.[$credential record/authenticatorDisplayName$]</code>,
+                then OPTIONALLY offer the user to update <code>|credentialRecord|.[$credential record/authenticatorDisplayName$]</code>
+                to the value of <code>|clientExtensionResults|.{{AuthenticationExtensionsClientOutputs/credProps}}.{{CredentialPropertiesOutput/authenticatorDisplayName}}</code>.
 
         If the [=[RP]=] performs additional security checks beyond these WebAuthn [=authentication ceremony=] steps,
         the above state updates SHOULD be deferred to after those additional checks are completed successfully.