Adds optional transport hints to CredentialDescription

Resolves #6

index.bs

@@ -374,6 +374,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
 9. For each authenticator currently available on this platform: asynchronously invoke the <a>authenticatorMakeCredential</a>
     operation on that authenticator with |rpIdHash|, <a>clientDataHash</a>, <a>accountInformation</a>, `normalizedParameters`,
     <a>excludeList</a> and |clientExtensions| as parameters. Add a corresponding entry to |issuedRequests|.
+     - For each credential C in <a>excludeList</a> that has a non-empty |transports| list, use only the specified transports
+        to test for the existence of C.
 
 10. While |issuedRequests| is not empty, perform the following actions depending upon the |adjustedTimeout| timer and responses
     from the authenticators:
@@ -439,6 +441,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
     - If <a>allowList</a> is undefined or empty, let |credentialList| be an empty list. Otherwise, execute a platform-specific
         procedure to determine which, if any, credentials listed in <a>allowList</a> might be present on this authenticator, and
         set |credentialList| to this filtered list. If no such filtering is possible, set |credentialList| to an empty list.
+    - For each credential C within the |credentialList| that has a non-empty |transports| list, use only the specified transports
+        to get assertions using credential C.
     - If the above filtering process concludes that none of the credentials on <a>allowList</a> can possibly be on this
         authenticator, do not perform any of the following steps for this authenticator, and proceed to the next authenticator
         (if any).
@@ -775,6 +779,7 @@ by the caller to select a credential for use.
     dictionary CredentialDescription {
         required CredentialType type;
         required BufferSource   id;
+        sequence < Transport >  transports;
     };
 </pre>
 
@@ -788,6 +793,35 @@ the {{makeCredential()}} or {{getAssertion()}} method. It mirrors the fields of
 </div>
 
 
+### Credential Transport enumeration (enum <dfn enum>ExternalTransport</dfn>) ### {#transport}
+
+<pre class="idl">
+    enum Transport {
+        "internal",
+        "usb",
+        "nfc",
+        "ble"
+    };
+</pre>
+
+<div dfn-for="Transport">
+    This enumeration defines the valid transports over which a client might
+    look for an Authenticator that can provide an assertion for the respective
+    credential.  Note that these are a hint from the Relying Party to the
+    client as to its best belief of how an authenticator may be reached.
+    <ul>
+        <li><dfn>internal</dfn> - the respective authenticator may be reached
+            through internal platform mechanisms.
+        <li><dfn>usb</dfn> - the respective authenticator may be contacted over
+            USB.
+        <li><dfn>nfc</dfn> - the respective authenticator may be contacted over
+            Near Field Communication (NFC).
+        <li><dfn>ble</dfn> - the respective authenticator may be contacted over
+            Bluetooth Smart (Bluetooth Low Energy / BLE).
+    </ul>
+<div>
+
+
 ### Cryptographic Algorithm Identifier (type {{AlgorithmIdentifier}}) ### {#alg-identifier}
 
 A string or dictionary identifying a cryptographic algorithm and optionally a set of parameters for that algorithm. This type is