Token Binding ID: JWK -> opaque (#164)

Fixes #163

index.bs

@@ -689,7 +689,7 @@ string-valued keys. Values may be any type that has a valid encoding in JSON. It
         required DOMString           origin;
         required DOMString           rpId;
         required AlgorithmIdentifier hashAlg;
-        JsonWebKey                   tokenBinding;
+        DOMString                    tokenBinding;
         WebAuthnExtensions           extensions;
     };
 </pre>
@@ -706,9 +706,9 @@ string-valued keys. Values may be any type that has a valid encoding in JSON. It
     [[#authenticator-signature]]). Use "S256" for SHA-256, "S384" for SHA384, "S512" for SHA512, and "SM3" for SM3 (see
     [[#iana-considerations]]). This algorithm is chosen by the client at its sole discretion.
 
-    The <dfn>tokenBinding</dfn> member contains a JsonWebKey object as defined by [[WebCryptoAPI#JsonWebKey-dictionary]]
-    describing the public key that this client uses for the Token Binding protocol when communicating with the [RP]. This can be
-    omitted if no Token Binding has been negotiated between the client and the [RP].
+    The <dfn>tokenBinding</dfn> member contains the base64url encoding of the Token Binding ID that this client uses for the
+    Token Binding protocol when communicating with the [RP]. This can be omitted if no Token Binding has been negotiated between
+    the client and the [RP].
 
     The optional <dfn>extensions</dfn> member contains additional parameters generated by processing the extensions passed in
     by the [RP]. WebAuthn extensions are detailed in Section [[#extensions]].