first pass at privacy considerations

w3c · Dec 11, 2023 · ecc19d4 · ecc19d4
1 parent b27eb4d
commit ecc19d4
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/index.bs b/index.bs
@@ -8563,6 +8563,11 @@ If a [=platform authenticator=] is included in a [=client device=] with a multi-
 authenticator=] and [=client device=] SHOULD work together to ensure that the existence of any [=platform credential=] is revealed
 only to the operating system user that created that [=platform credential=].
 
+### Disclosing Client Capabilities ### {#sctn-disclosing-client-capabilities}
+
+The {{getClientCapabilities}} method assists [=[WRPS]=] in crafting registration and authentication experiences which have a high chance of success with the client and/or user.
+
+By indicating support of a certain WebAuthn-capability, a relying party may also be able to infer other lower level platform features, such as the availability of Bluetooth. Client implementations MAY wish to limit capability disclosures based on client policy and/or user consent.
 
 ## Privacy considerations for [=[RPS]=] ## {#sctn-privacy-considerations-rp}