diff --git a/index.bs b/index.bs
index eed9338d9..544fe8db3 100644
--- a/index.bs
+++ b/index.bs
@@ -717,7 +717,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Invoke the [=authenticatorMakeCredential=] operation on |authenticator| with
|clientDataHash|,
|options|.{{MakePublicKeyCredentialOptions/rp}}
, |options|.{{MakePublicKeyCredentialOptions/user}}
,
- |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/rk}}
,
+ |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/requireResidentKey}}
,
+ |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/requireUserVerification}}
,
|credTypesAndPubKeyAlgs|,
|excludeCredentialDescriptorList|,
and |authenticatorExtensions| as parameters.
@@ -1797,14 +1798,16 @@ This operation must be invoked in an authenticator session which has no other op
input parameters:
-: |rpId|
-:: The caller's [=RP ID=], as determined by the user agent and the client.
: |hash|
:: The [=hash of the serialized client data=], provided by the client.
: |rpEntity|
:: The [=[RP]=]'s {{PublicKeyCredentialRpEntity}}.
: |userEntity|
:: The user account's {{PublicKeyCredentialUserEntity}}, containing the [=user handle=] given by the [=[RP]=].
+: |requireResidentKey|
+:: |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{requireResidentKey}}.
+: |requireUserVerification|
+:: |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{requireUserVerification}}.
: |credTypesAndPubKeyAlgs|
:: A sequence of pairs of {{PublicKeyCredentialType}} and public key algorithms ({{COSEAlgorithmIdentifier}}) requested by the
[=[RP]=]. This sequence is ordered from most preferred to least preferred. The platform makes a best-effort to create the most
@@ -1813,10 +1816,6 @@ input parameters:
:: An optional list of {{PublicKeyCredentialDescriptor}} objects provided by the [=[RP]=] with the intention that, if any of
these are known to the authenticator, it should not create a new credential. |excludeCredentialDescriptorList| contains a
list of known credentials.
-: |requireResidentKey|
-:: |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{requireResidentKey}}.
-: |requireUserVerification|
-:: |options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{requireUserVerification}}
: |extensions|
:: A [=map=] from [=extension identifiers=] to their [=authenticator extension inputs=], created by the client based on the
extensions requested by the [=[RP]=], if any.