From 291406954d31e03d95ff4e408748b5a3ba64e358 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 21:49:11 +0100 Subject: [PATCH 01/10] Reword to "Any get() operation can be aborted" to match create() --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 24a37dfd5..3a313c289 100644 --- a/index.bs +++ b/index.bs @@ -2253,7 +2253,7 @@ script SHOULD first check that {{PublicKeyCredential/isConditionalMediationAvail the possibility of causing a user-visible error to be returned if the user agent does not support {{CredentialMediationRequirement/conditional}} [=user mediation=]. -This +Any {{CredentialsContainer/get()|navigator.credentials.get()}} operation can be aborted by leveraging the {{AbortController}}; see [[dom#abortcontroller-api-integration]] for detailed instructions. From 39340c298192e2e398e6f698355c87d647432c6d Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 21:50:46 +0100 Subject: [PATCH 02/10] Rephrase recommendation to check conditionalCreate to be shorter --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 3a313c289..377d51610 100644 --- a/index.bs +++ b/index.bs 
@@ -1742,7 +1742,7 @@ options, sameOriginWithAncestors) [=internal method=] [[!CREDENTIAL-MANAGE By setting |options|.{{CredentialCreationOptions/mediation}} to {{CredentialMediationRequirement/conditional}}, [=[RPS]=] can indicate that they would like to register a credential without prominent modal UI if user has already consented to create a credential. The [=[RP]=] SHOULD first check that {{ClientCapability/conditionalCreate}} is present -in the result of {{PublicKeyCredential/getClientCapabilities()}} in order to avoid the possibility of causing a user-visible error to be returned if the user agent does +in the result of {{PublicKeyCredential/getClientCapabilities()}} in order to prevent a user-visible error if the user agent does not support {{CredentialMediationRequirement/conditional}} [=user mediation=] for {{CredentialsContainer/create()|navigator.credentials.create()}}. Any {{CredentialsContainer/create()|navigator.credentials.create()}} operation can be aborted by leveraging the {{AbortController}}; From 910d42f396327e37166350d23c8c51137e7bb196 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 22:00:37 +0100 Subject: [PATCH 03/10] Mention conditionalCreate in isConditionalMediationAvailable() --- index.bs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/index.bs b/index.bs index 377d51610..83ffd8384 100644 --- a/index.bs +++ b/index.bs 
@@ -1594,6 +1594,11 @@ that are returned to the caller when a new credential is created, or a new asser Note: If this method is not present, {{CredentialMediationRequirement/conditional}} [=user mediation=] is not available for {{CredentialsContainer/get()|navigator.credentials.get()}}. + Note: This method does _not_ indicate + whether or not {{CredentialMediationRequirement/conditional}} [=user mediation=] is available + in {{CredentialsContainer/create()|navigator.credentials.create()}}. + For that, see the {{ClientCapability/conditionalCreate}} capability in {{PublicKeyCredential/getClientCapabilities()}}. + : {{PublicKeyCredential/toJSON()}} :: This operation returns {{RegistrationResponseJSON}} or {{AuthenticationResponseJSON}}, which are [=JSON type=] representations mirroring {{PublicKeyCredential}}, suitable for submission to a From 44783e942b8674d33340b6946d910d4f715a606a Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 22:21:03 +0100 Subject: [PATCH 04/10] Rephrase recommendation to check conditional mediation capabilities --- index.bs | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/index.bs b/index.bs index 83ffd8384..903025d7d 100644 --- a/index.bs +++ b/index.bs 
@@ -1746,9 +1746,10 @@ options, sameOriginWithAncestors) [=internal method=] [[!CREDENTIAL-MANAGE [=public key credential source=], [=bound credential|bound=] to an [=authenticator=]. By setting |options|.{{CredentialCreationOptions/mediation}} to {{CredentialMediationRequirement/conditional}}, -[=[RPS]=] can indicate that they would like to register a credential without prominent modal UI if user has already consented to create a credential. The [=[RP]=] SHOULD first check that {{ClientCapability/conditionalCreate}} is present -in the result of {{PublicKeyCredential/getClientCapabilities()}} in order to prevent a user-visible error if the user agent does -not support {{CredentialMediationRequirement/conditional}} [=user mediation=] for {{CredentialsContainer/create()|navigator.credentials.create()}}. +[=[RPS]=] can indicate that they would like to register a credential without prominent modal UI if user has already consented to create a credential. +The [=[RP]=] SHOULD first use {{PublicKeyCredential/getClientCapabilities()}} +to check that the [=client=] supports the {{ClientCapability/conditionalCreate}} capability +in order to prevent a user-visible error in case this feature is not available. Any {{CredentialsContainer/create()|navigator.credentials.create()}} operation can be aborted by leveraging the {{AbortController}}; see [[dom#abortcontroller-api-integration]] for detailed instructions. 
@@ -2253,10 +2254,11 @@ for="PublicKeyCredential" method>\[[CollectFromCredentialStore]](origin, options {{Credential/[[CollectFromCredentialStore]]()|Credential.[[CollectFromCredentialStore]]()}}, of returning an empty set. In general, the user agent SHOULD show some UI to the user to guide them in selecting and authorizing an authenticator with which -to complete the operation. By setting |options|.{{CredentialRequestOptions/mediation}} to {{CredentialMediationRequirement/conditional}}, [=[RPS]=] can indicate that a prominent modal UI should not be shown unless credentials are discovered. [=[RP]=] -script SHOULD first check that {{PublicKeyCredential/isConditionalMediationAvailable()}} returns [TRUE] in order to avoid -the possibility of causing a user-visible error to be returned if the user agent does not support -{{CredentialMediationRequirement/conditional}} [=user mediation=]. +to complete the operation. By setting |options|.{{CredentialRequestOptions/mediation}} to {{CredentialMediationRequirement/conditional}}, [=[RPS]=] can indicate that a prominent modal UI should not be shown unless credentials are discovered. +The [=[RP]=] SHOULD first use {{PublicKeyCredential/isConditionalMediationAvailable()}} +or {{PublicKeyCredential/getClientCapabilities()}} +to check that the [=client=] supports the {{ClientCapability/conditionalMediation}} capability +in order to prevent a user-visible error in case this feature is not available. Any {{CredentialsContainer/get()|navigator.credentials.get()}} operation can be aborted by leveraging the {{AbortController}}; From 38ba815eac118a88544a10398ed66d60f6688990 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 22:22:43 +0100 Subject: [PATCH 05/10] Link to create()/get() from conditionalCreate/Mediation capabilities --- index.bs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/index.bs b/index.bs index 903025d7d..cb87f0eb2 100644 --- a/index.bs +++ b/index.bs 
@@ -4005,9 +4005,13 @@ Note: The {{ClientCapability}} enumeration is deliberately not referenced, see [ : conditionalCreate :: The [=WebAuthn Client=] is capable of a {{CredentialMediationRequirement/conditional}} credential creation operation. + See [[#sctn-createCredential]] for more details. + : conditionalMediation :: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation. + See [[#sctn-getAssertion]] for more details. + : hybridTransport :: The [=WebAuthn Client=] supports usage of the {{AuthenticatorTransport/hybrid}} transport. From 24912f7d616a6e88fc9c9f7b433e64b389727248 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 22:23:51 +0100 Subject: [PATCH 06/10] Phrase conditionalCreate/Mediation descriptions the same --- index.bs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index cb87f0eb2..ebcbb569b 100644 --- a/index.bs +++ b/index.bs @@ -4003,12 +4003,14 @@ Note: The {{ClientCapability}} enumeration is deliberately not referenced, see [
: conditionalCreate - :: The [=WebAuthn Client=] is capable of a {{CredentialMediationRequirement/conditional}} credential creation operation. + :: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation + in {{CredentialsContainer/create()|navigator.credentials.create()}}. See [[#sctn-createCredential]] for more details. : conditionalMediation - :: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation. + :: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation + in {{CredentialsContainer/get()|navigator.credentials.get()}}. See [[#sctn-getAssertion]] for more details. From c6dbab419c12dc4d17c2b5597995bbbd5162d32f Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 22:24:11 +0100 Subject: [PATCH 07/10] Point out that isCMA() is equivalent to conditionalMediation --- index.bs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/index.bs b/index.bs index ebcbb569b..d5e414de9 100644 --- a/index.bs +++ b/index.bs @@ -1591,6 +1591,8 @@ that are returned to the caller when a new credential is created, or a new asser This method has no arguments and returns a promise to a Boolean value. + The {{ClientCapability/conditionalMediation}} capability is equivalent to this promise resolving to [TRUE]. + Note: If this method is not present, {{CredentialMediationRequirement/conditional}} [=user mediation=] is not available for {{CredentialsContainer/get()|navigator.credentials.get()}}. @@ -4012,6 +4014,8 @@ Note: The {{ClientCapability}} enumeration is deliberately not referenced, see [ :: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation in {{CredentialsContainer/get()|navigator.credentials.get()}}. + This capability is equivalent to {{PublicKeyCredential/isConditionalMediationAvailable()}} returning [TRUE]. + See [[#sctn-getAssertion]] for more details. : hybridTransport 
From 1df325885582da74f580a4276fc171a707fc655d Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 19 Mar 2024 22:24:40 +0100 Subject: [PATCH 08/10] Link to getClientCapabilities() from enum ClientCapability --- index.bs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/index.bs b/index.bs index d5e414de9..b807bb3b4 100644 --- a/index.bs +++ b/index.bs @@ -4001,6 +4001,9 @@ Note: The {{UserVerificationRequirement}} enumeration is deliberately not refere This enumeration defines a limited set of client capabilities which a [=[WRP]=] may evaluate to offer certain workflows and experiences to users. +[=[RPS]=] may use the {{PublicKeyCredential/getClientCapabilities()}} method of {{PublicKeyCredential}} +to obtain a description of available capabilities. + Note: The {{ClientCapability}} enumeration is deliberately not referenced, see [[#sct-domstring-backwards-compatibility]].
From 0ba20ab410ba23a28c62790dced73299c49d7ca8 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Mon, 1 Jul 2024 16:26:46 +0200 Subject: [PATCH 09/10] Fix review comment Co-authored-by: Matthew Miller --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 39c286b20..4309c3237 100644 --- a/index.bs +++ b/index.bs @@ -1745,7 +1745,7 @@ options, sameOriginWithAncestors) [=internal method=] [[!CREDENTIAL-MANAGE [=public key credential source=], [=bound credential|bound=] to an [=authenticator=]. By setting |options|.{{CredentialCreationOptions/mediation}} to {{CredentialMediationRequirement/conditional}}, -[=[RPS]=] can indicate that they would like to register a credential without prominent modal UI if user has already consented to create a credential. +[=[RPS]=] can indicate that they would like to register a credential without prominent modal UI if the user has already consented to create a credential. The [=[RP]=] SHOULD first use {{PublicKeyCredential/getClientCapabilities()}} to check that the [=client=] supports the {{ClientCapability/conditionalCreate}} capability in order to prevent a user-visible error in case this feature is not available. From bf60b7a0b330eccbc83adb0986d01088870b2208 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 17 Jul 2024 13:06:14 +0200 Subject: [PATCH 10/10] Fix review comment --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 4309c3237..7f445ba5a 100644 --- a/index.bs +++ b/index.bs 
@@ -4027,7 +4027,7 @@ Note: The {{ClientCapability}} enumeration is deliberately not referenced, see [ : conditionalGet :: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation for [=authentication ceremonies=]. - This capability is equivalent to {{PublicKeyCredential/isConditionalMediationAvailable()}} returning [TRUE]. + This capability is equivalent to {{PublicKeyCredential/isConditionalMediationAvailable()}} resolving to [TRUE]. See [[#sctn-getAssertion]] for more details.
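Review bot: The two adjacent notes in PATCH 03/10 (hunk @@ -1594,6 +1594,11 @@) use different prepositions for the same relationship: the existing note says conditional mediation "is not available for" navigator.credentials.get(), while the added note says "is available in" navigator.credentials.create(). Pick one form for both notes so readers do not look for a distinction that is not intended. "Available for" would also match the "for [=authentication ceremonies=]" wording visible in the PATCH 10/10 context.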
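Review bot: Missing guidance for clients without the method in PATCH 04/10, first hunk (@@ -1746,9 +1746,10 @@): the new sentence "The [=[RP]=] SHOULD first use {{PublicKeyCredential/getClientCapabilities()}} to check that the [=client=] supports the {{ClientCapability/conditionalCreate}} capability" does not say how an RP should treat a client where getClientCapabilities() is not present, or where conditionalCreate is missing from the result. The replaced wording at least tied the check to the key being "present in the result", and isConditionalMediationAvailable() carries an explicit "Note: If this method is not present, ..." for the get() case. Consider adding a matching note here that states how absence is to be interpreted, so that RPs have a defined fallback instead of calling create() with conditional mediation and surfacing the error this paragraph is trying to prevent.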
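Review bot: Capability name may be stale in PATCH 04/10, second hunk (@@ -2253,10 +2254,11 @@): the added text links {{ClientCapability/conditionalMediation}}, but the context lines of PATCH 10/10 show the enum entry as ": conditionalGet". The index.bs blob changes from b807bb3b4 at the end of PATCH 08/10 to 39c286b20 at the start of PATCH 09/10, so the series was rebased or merged in between. If the value was renamed on the target branch, this reference and the two added in PATCH 07/10 need to be updated to the new name, otherwise the links point at an enum value that no longer exists.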
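Review bot: Inconsistent verb for the same equivalence in PATCH 07/10: the first hunk (@@ -1591,6 +1591,8 @@) says "equivalent to this promise resolving to [TRUE]", while the second hunk (@@ -4012,6 +4014,8 @@) says "equivalent to {{PublicKeyCredential/isConditionalMediationAvailable()}} returning [TRUE]". The context line states that the method "returns a promise to a Boolean value", so "resolving to [TRUE]" is the accurate form in both places. PATCH 10/10 corrects the second sentence; consider squashing that fix into this commit so the series does not introduce the wording and then repair it.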
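Review bot: Term and keyword choice in PATCH 08/10 (hunk @@ -4001,6 +4001,9 @@) differ from the sentence directly above: the existing text speaks of "a [=[WRP]=]" while the added sentence uses "[=[RPS]=]", and the added "may use" is lowercase where the rest of the series uses SHOULD for the same check. Use the same term macro as the preceding sentence, and confirm that this sentence is meant to be informative only, since the normative recommendation lives in the create() and get() sections touched by PATCH 04/10.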