Merge pull request #2141 from w3c/2064-tc-bebs-steps

Add BE/BS steps to authData generation
w3c · Sep 11, 2024 · 2e75793 · 2e75793
2 parents a871f79 + caf217a
commit 2e75793
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/index.bs b/index.bs
@@ -4758,6 +4758,14 @@ the requested [=public key credential|credential=] is [=scoped=] to exactly matc
     possibly combined in a single [=authorization gesture=],
     then the authenticator will set both the [=UP=] [=flag=] and the [=authData/flags/UV=] [=flag=].
 
+- The [=BE=] [=flag=] SHALL be set if and only if the credential is a [=multi-device credential=]. 
+    This value MUST NOT change after a [=registration ceremony=] as defined in [[#sctn-credential-backup]].
+
+- The [=BS=] [=flag=] SHALL be set if and only if the credential is a [=multi-device credential=] and is currently [=backed up=].
+
+    If the backup status of a credential is uncertain or the authenticator suspects a problem with the backed up credential,
+        the [=BS=] [=flag=] SHOULD NOT be set.
+
 - For [=attestation signatures=], the authenticator MUST set the [=AT=] [=flag=] and include the <code>[=attestedCredentialData=]</code>.
     For [=assertion signatures=], the [=AT=] [=flag=] MUST NOT be set and the <code>[=attestedCredentialData=]</code> MUST NOT be included.