Substitute enum types in dictionaries with DOMStrings

index.bs

@@ -1783,7 +1783,7 @@ a numbered step. If outdented, it (today) is rendered either as a bullet in the
                         ::  |attestationObject|
 
                         :   {{AuthenticatorAttestationResponse/[[transports]]}}
-                        ::  A sequence of zero or more unique {{DOMString}}s, in lexicographical order, that the |authenticator| is believed to support. The values SHOULD be members of {{AuthenticatorTransport}}.
+                        ::  A sequence of zero or more unique {{DOMString}}s, in lexicographical order, that the |authenticator| is believed to support. The values SHOULD be members of {{AuthenticatorTransport}}, but [=client platforms=] MUST ignore unknown values.
 
                             If a user agent does not wish to divulge this information it MAY substitute an arbitrary sequence designed to preserve privacy. This sequence MUST still be valid, i.e. lexicographically sorted and free of duplicates. For example, it may use the empty sequence. Either way, in this case the user agent takes the risk that [=[RP]=] behavior may be suboptimal.
 
@@ -2299,7 +2299,7 @@ during registration.
     ::  This operation returns the value of {{AuthenticatorAttestationResponse/[[transports]]}}.
 
     :   <dfn>\[[transports]]</dfn>
-    ::  This [=internal slot=] contains a sequence of zero or more unique {{DOMString}}s in lexicographical order. These values are the transports that the [=authenticator=] is believed to support, or an empty sequence if the information is unavailable. The values SHOULD be members of {{AuthenticatorTransport}} but [=[RPS]=] MUST accept unknown values.
+    ::  This [=internal slot=] contains a sequence of zero or more unique {{DOMString}}s in lexicographical order. These values are the transports that the [=authenticator=] is believed to support, or an empty sequence if the information is unavailable. The values SHOULD be members of {{AuthenticatorTransport}} but [=[RPS]=] MUST ignore unknown values.
 </div>
 
 ### Web Authentication Assertion (interface <dfn interface>AuthenticatorAssertionResponse</dfn>) ### {#iface-authenticatorassertionresponse}
@@ -2339,7 +2339,7 @@ optionally evidence of [=user consent=] to a specific transaction.
 
 <xmp class="idl">
     dictionary PublicKeyCredentialParameters {
-        required PublicKeyCredentialType      type;
+        required DOMString                    type;
         required COSEAlgorithmIdentifier      alg;
     };
 </xmp>
@@ -2348,7 +2348,7 @@ optionally evidence of [=user consent=] to a specific transaction.
     This dictionary is used to supply additional parameters when creating a new credential.
 
     :   <dfn>type</dfn>
-    ::  This member specifies the type of credential to be created.
+    ::  This member specifies the type of credential to be created. The value SHOULD be a member of {{PublicKeyCredentialType}} but [=client platforms=] MUST ignore unknown values, ignoring any {{PublicKeyCredentialParameters}} with an unknown {{PublicKeyCredentialParameters/type}}.
 
     :   <dfn>alg</dfn>
     ::  This member specifies the cryptographic signature algorithm with which the newly generated credential will be used, and
@@ -2371,7 +2371,7 @@ optionally evidence of [=user consent=] to a specific transaction.
         unsigned long                                timeout;
         sequence<PublicKeyCredentialDescriptor>      excludeCredentials = [];
         AuthenticatorSelectionCriteria               authenticatorSelection;
-        AttestationConveyancePreference              attestation = "none";
+        DOMString                                    attestation = "none";
         AuthenticationExtensionsClientInputs         extensions;
     };
 </xmp>
@@ -2418,7 +2418,7 @@ optionally evidence of [=user consent=] to a specific transaction.
 
     :   <dfn>attestation</dfn>
     ::  This member is intended for use by [=[RPS]=] that wish to express their preference for [=attestation conveyance=].
-        The default is {{AttestationConveyancePreference/none}}.
+        The value SHOULD be a member of {{AttestationConveyancePreference}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the member was unset. The default is {{AttestationConveyancePreference/none}}.
 
     :   <dfn>extensions</dfn>
     ::  This member contains additional parameters requesting additional processing by the client and authenticator. For
@@ -2544,17 +2544,17 @@ attributes.
 
 <xmp class="idl">
     dictionary AuthenticatorSelectionCriteria {
-        AuthenticatorAttachment      authenticatorAttachment;
+        DOMString                    authenticatorAttachment;
         boolean                      requireResidentKey = false;
         ResidentKeyRequirement       residentKey;
-        UserVerificationRequirement  userVerification = "preferred";
+        DOMString                    userVerification = "preferred";
     };
 </xmp>
 
 <div dfn-type="dict-member" dfn-for="AuthenticatorSelectionCriteria">
     :   <dfn>authenticatorAttachment</dfn>
     ::  If this member is [=present|present=], eligible authenticators are filtered to only authenticators attached with the
-        specified [[#enum-attachment]].
+        specified [[#enum-attachment]]. The value SHOULD be a member of {{AuthenticatorAttachment}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the member was unset.
 
     :   <dfn>requireResidentKey</dfn>
     ::  Note: This member is retained for backwards compatibility with WebAuthn Level 1 but is deprecated in favour of {{residentKey}}.
@@ -2574,7 +2574,7 @@ attributes.
     :   <dfn>userVerification</dfn>
     ::  This member describes the [=[RP]=]'s requirements regarding [=user verification=] for the
         {{CredentialsContainer/create()}} operation. Eligible authenticators are filtered to only those capable of satisfying this
-        requirement.
+        requirement. The value SHOULD be a member of {{UserVerificationRequirement}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the member was unset.
 </div>
 
 
@@ -2689,7 +2689,7 @@ an assertion. Its {{PublicKeyCredentialRequestOptions/challenge}} member MUST be
         unsigned long                        timeout;
         USVString                            rpId;
         sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
-        UserVerificationRequirement          userVerification = "preferred";
+        DOMString                            userVerification = "preferred";
         AuthenticationExtensionsClientInputs extensions;
     };
 </xmp>
@@ -2715,8 +2715,7 @@ an assertion. Its {{PublicKeyCredentialRequestOptions/challenge}} member MUST be
 
     :   <dfn>userVerification</dfn>
     ::  This OPTIONAL member describes the [=[RP]=]'s requirements regarding [=user verification=] for the
-        {{CredentialsContainer/get()}} operation. Eligible authenticators are filtered to only those capable of satisfying this
-        requirement.
+        {{CredentialsContainer/get()}} operation. The value SHOULD be a member of {{UserVerificationRequirement}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the member was unset. Eligible authenticators are filtered to only those capable of satisfying this requirement.
 
     :   <dfn>extensions</dfn>
     ::  This OPTIONAL member contains additional parameters requesting additional processing by the client and authenticator.
@@ -2815,7 +2814,7 @@ Note: The {{CollectedClientData}} may be extended in the future. Therefore it's
     };
 
     dictionary TokenBinding {
-        required TokenBindingStatus status;
+        required DOMString status;
         DOMString id;
     };
 
@@ -2846,7 +2845,7 @@ Note: The {{CollectedClientData}} may be extended in the future. Therefore it's
 
         <div dfn-type="dict-member" dfn-for="TokenBinding">
             :   <dfn>status</dfn>
-            ::  This member is one of the following:
+            ::  This member SHOULD be a member of {{TokenBindingStatus}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the {{CollectedClientData/tokenBinding}} member was absent. When known, this member is one of the following:
 
                 <div dfn-type="enum-value" dfn-for="TokenBindingStatus">
                     :   <dfn>supported</dfn>
@@ -2896,7 +2895,7 @@ Note: The {{CollectedClientData}} may be extended in the future. Therefore it's
 
 <xmp class="idl">
     dictionary PublicKeyCredentialDescriptor {
-        required PublicKeyCredentialType      type;
+        required DOMString                    type;
         required BufferSource                 id;
         sequence<DOMString>                   transports;
     };
@@ -2908,7 +2907,7 @@ parameter to the {{CredentialsContainer/create()}} or {{CredentialsContainer/get
 
 <div dfn-type="dict-member" dfn-for="PublicKeyCredentialDescriptor">
     :   <dfn>type</dfn>
-    ::  This member contains the type of the [=public key credential=] the caller is referring to.
+    ::  This member contains the type of the [=public key credential=] the caller is referring to. The value SHOULD be a member of {{PublicKeyCredentialType}} but [=client platforms=] MUST ignore any {{PublicKeyCredentialDescriptor}} with an unknown {{PublicKeyCredentialDescriptor/type}}.
 
     :   <dfn>id</dfn>
     ::  This member contains the [=credential ID=] of the [=public key credential=] the caller is referring to.