Describe how to determine authenticator attachment from transports

w3c · Oct 1, 2021 · d562282 · d562282
1 parent e751287
commit d562282
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/index.bs b/index.bs
@@ -2429,6 +2429,40 @@ To remove the need to parse CBOR at all in many cases, {{AuthenticatorAttestatio
 
 Note: {{AuthenticatorAttestationResponse/getPublicKey()}} and {{AuthenticatorAttestationResponse/getAuthenticatorData()}} were only added in level two of this spec. [=[RPS]=] SHOULD use feature detection before using these functions by testing the value of `'getPublicKey' in AuthenticatorAttestationResponse.prototype`. [=[RPS]=] that require this function to exist may not interoperate with older user-agents.
 
+
+#### Determining Authenticator Attachment Options from Credential Transports #### {#sctn-attachments-from-transports}
+
+[INFORMATIVE]
+
+After creating a [=credential=], the [=[RP]=] may wish to know the [=authenticator attachment modality=] of the credential's [=managing authenticator=].
+This can be done by inspecting the result of calling {{getTransports()}}.
+
+If the result of {{getTransports()}}
+
+<dl class="switch">
+    : is [=list/empty=],
+    :: the [=authenticator attachment modality|attachment modality=] of the credential and its [=managing authenticator=] is unknown.
+
+    : [=list/contains=] only {{AuthenticatorTransport/internal}},
+    :: the credential is a [=platform credential=].
+
+    : is not [=list/empty=] and does not [=list/contain=] {{AuthenticatorTransport/internal}},
+    :: the credential is a [=roaming credential=].
+
+    : [=list/contains=] both {{AuthenticatorTransport/internal}} and other values,
+    :: the credential can be used as a [=platform credential=] under some circumstances and a [=roaming credential=] under some circumstances.
+        Both attachment options may or may not be available at the same time.
+
+        For example, a credential [=created on=] a mobile phone may be available as a [=platform credential=]
+        when the [=client device=] is that mobile phone,
+        and as a [=roaming credential=] when the [=client device=] is a laptop computer that can reach the mobile phone via Bluetooth.
+</dl>
+
+Note that an [=authenticator's=] [=authenticator attachment modality|attachment modality=] could change over time.
+For example, a mobile phone might at one time only support [=platform attachment=]
+but later receive updates to support [=cross-platform attachment=] as well.
+
+
 ### Web Authentication Assertion (interface <dfn interface>AuthenticatorAssertionResponse</dfn>) ### {#iface-authenticatorassertionresponse}
 
 The {{AuthenticatorAssertionResponse}} interface represents an [=authenticator=]'s response to a client's request for