The document should suggest at the beginning that this is one profile (not the only way) to deploy FIDO2 for consumer use cases. It is perfectly valid for there to be alternatives to this proposal, or for deployers to make alternative choices to what this profile suggests. This should lead to comments and PRs on this document focusing on the reasoning behind the decisions made in this profile rather than attempts to change or soften the approach and choices made within it (e.g. whether or not to use attestation, etc).
Understanding WebAuthn's complexity for deployment, the "profile" concept might be a reasonable approach.
If that is the case, we have to position it appropriately in the document.
Let's run a hypothetical exercise using attestation as an example.
How much do we talk about it in the positioning section?
One example is a note such as the one I proposed, #23.
In terms of attestation, if we "recommend" not to specify, our target RPs will not be all the consumer-facing RPs.
For many RPs who provide services for consumers, attestation is very important. Such RPs include not only banks but also many other types of RPs. So we have to target the audience appropriately and "consumer" will not be the right terminology.
I agree with both of you. Currently this document seems to imply that this is the only way to FIDO.
I understood this is one profile example; on the other hand, we should consider/identify our position as the FIDO Alliance, such as whether we should support attestation or not.