Ensure the order of parameters are consistent throughout the spec
AngeloKai committed Feb 15, 2017
1 parent 345b8dc commit bb4ad64
Showing 1 changed file with 9 additions and 10 deletions.
19 changes: 9 additions & 10 deletions index.bs
Expand Up @@ -444,15 +444,15 @@ When this method is invoked, the user agent MUST execute the following algorithm
8. Initialize |issuedRequests| and |currentlyAvailableAuthenticators| to empty lists.

9. For each authenticator currently available on this platform, add the authenticator to |currentlyAvailableAuthenticators|
unless the {{ScopedCredentialOptions/attachment}} member of {{options}} or the {{ScopedCredentialOptions/verificationGesture}}
member of {{options}} is set to true. In that case, let |attachment|
unless the {{ScopedCredentialOptions/attachment}} member of {{options}} is present or the
{{ScopedCredentialOptions/verificationGesture}} member of {{options}} is set to true. In that case, let |attachment|
be {{ScopedCredentialOptions/attachment}} and |verificationGesture| be {{ScopedCredentialOptions/verificationGesture}}.
Add the authenticator to |currentlyAvailableAuthenticators| if its attachment modality matches |attachment| and its
user verification modality is set to true.

10. For each authenticator in |currentlyAvailableAuthenticators|: asynchronously invoke the <a>authenticatorMakeCredential</a>
operation on that authenticator with |rpId|, <a>clientDataHash</a>, {{accountInformation}}, |normalizedParameters|,
{{ScopedCredentialOptions/excludeList}}, {{ScopedCredentialOptions/verificationGesture}}, and |clientExtensions| as
{{ScopedCredentialOptions/excludeList}}, {{ScopedCredentialOptions/verificationGesture}}, and |clientExtensions| as
parameters. Add a corresponding entry to |issuedRequests|.
- For each credential |C| in the {{ScopedCredentialOptions/excludeList}} member of {{options}} that has a non-empty
|transports| list, optionally use only the specified transports to test for the existence of |C|.
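Review bot: In step 9 the reworded condition joins the two options with "or" (attachment is present, or verificationGesture is set to true), but the sentence that follows admits an authenticator only if its attachment modality matches |attachment| "and" its user verification modality is set to true. When only one of the two options is supplied, either |attachment| has no value to match against or user verification is required although the RP did not ask for it. Suggest splitting this into two independent filters, each applied only when its option is present, and comparing the user verification modality against |verificationGesture| rather than the literal "true". The change to the excludeList line in step 10 looks like whitespace only and could be left out of a commit about parameter order.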
Expand Down Expand Up @@ -544,7 +544,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
be on this authenticator, do not perform any of the following steps for this authenticator, and proceed to the next
authenticator (if any).
- Asynchronously invoke the <a>authenticatorGetAssertion</a> operation on this authenticator with |rpId|,
<a>clientDataHash</a>, |verificationGesture|, |credentialList|, and |clientExtensions| as parameters.
<a>clientDataHash</a>, |credentialList|, |verificationGesture| and |clientExtensions| as parameters.
- Add an entry to |issuedRequests|, corresponding to this request.

9. While |issuedRequests| is not empty, perform the following actions depending upon the |adjustedTimeout| timer and responses
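Review bot: The reordered call "|credentialList|, |verificationGesture| and |clientExtensions| as parameters" drops the comma before "and", while the authenticatorMakeCredential call in step 10 keeps it (", and |clientExtensions| as parameters"). Suggest restoring the serial comma so both invocation sentences read the same, and confirming that this order matches the input list in the authenticatorGetAssertion section, since that list is edited in the same commit.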
Expand Down Expand Up @@ -1126,11 +1126,11 @@ input parameters:
- The <a>clientDataHash</a>, which is the hash of the serialized {{ClientData}} and is provided by the client.
- The {{Account}} information provided by the [RP].
- The {{ScopedCredentialType}} and cryptographic parameters requested by the [RP], with the cryptographic algorithms normalized
as per the procedure in [[WebCryptoAPI#algorithm-normalization-normalize-an-algorithm]].
as per the procedure in [[WebCryptoAPI#algorithm-normalization-normalize-an-algorithm]]
- A list of {{ScopedCredential}} objects provided by the [RP] with the intention that, if any of these are known to the
authenticator, it should not create a new credential.
authenticator, it should not create a new credential.
- A boolean called {{ScopedCredentialOptions/verificationGesture}} provided by the [RP] with the intention that, if the parameter
is set to true, the authenticator SHOULD perform a user verification process during the operation.
is set to true, the authenticator SHOULD perform a user verification process during the operation.
- Extension data created by the client based on the extensions requested by the [RP].

When this operation is invoked, the authenticator must perform the following procedure:
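Review bot: The replacement line ending in [[WebCryptoAPI#algorithm-normalization-normalize-an-algorithm]] has lost its terminating period, while the other bullets in this input list end with one; suggest restoring it. The other two changed lines ("authenticator, it should not create a new credential." and "is set to true, the authenticator SHOULD perform a user verification process during the operation.") differ only in whitespace, which is unrelated to parameter ordering and makes the diff harder to review.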
Expand Down Expand Up @@ -1170,9 +1170,9 @@ input parameters:

- The caller's RP ID, as determined by the user agent and the client.
- The <a>clientDataHash</a>, which is the hash of the serialized {{ClientData}} and is provided by the client.
- A list of credentials acceptable to the [RP] (possibly filtered by the client).
- A boolean called {{AssertionOptions/verificationGesture}} provided by the [RP] with the intention that, if the parameter
is set to true, the authenticator SHOULD perform a user verification process during the operation.
- A list of credentials acceptable to the [RP] (possibly filtered by the client).
- Extension data created by the client based on the extensions requested by the [RP].

When this method is invoked, the authenticator must perform the following procedure:
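Review bot: The bullet "A list of credentials acceptable to the [RP]" appears on both sides of the verificationGesture boolean in this hunk, so the final order depends on which copy survives. It needs to end up above the boolean, because the call site now passes |credentialList| before |verificationGesture| and the authenticatorMakeCredential list also places its credential list before the boolean. Worth confirming in the rendered spec. Separately, this section says "When this method is invoked" where the authenticatorMakeCredential section says "When this operation is invoked"; suggest using "operation" in both.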
Expand All @@ -1187,8 +1187,7 @@ When this method is invoked, the authenticator must perform the following proced
for obtaining this consent may be shown by the authenticator if it has its own output capability, or by the user agent
otherwise.
- If the {{AssertionOptions/verificationGesture}} parameter is set to true, prompt the user for performing an
<a>authorization gesture</a> to verify the user. If this prompt is shown with sufficient explanation that the success of
this verification gesture will generate a new credential, the previous prompt for user consent may not be needed.
<a>authorization gesture</a> to verify the user.
- Process all the supported extensions requested by the client, and generate an <a>authenticatorData</a> structure without
attestation data as specified in [[#sec-authenticator-data]]. Concatenate this <a>authenticatorData</a> with the
<a>clientDataHash</a> received from the client to generate an assertion signature using the private key of the selected
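Review bot: After the trimmed step "prompt the user for performing an <a>authorization gesture</a> to verify the user", the visible procedure goes straight on to processing extensions and signing, with no stated outcome when the gesture fails or the authenticator cannot perform user verification. Suggest adding an explicit failure path here, and aligning the imperative "prompt the user" with the SHOULD used in the parameter description. Removing the sentence about generating a new credential is right for an assertion operation, but it is a content change that the commit message (parameter order) does not mention; suggest noting it there or moving it to a separate commit.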