From 3f01aba8ebf7046bfb3c1a7b48cbb4be2b87fc20 Mon Sep 17 00:00:00 2001 From: Mohamed Amir Yosef Date: Fri, 10 Oct 2025 13:55:26 +0200 Subject: [PATCH 1/4] Make user mediation implicit and always required --- index.html | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/index.html b/index.html index c0107f09..4c06b8e0 100644 --- a/index.html +++ b/index.html @@ -863,16 +863,27 @@

[=digital credential=].

- [=User mediation=] is always - {{CredentialMediationRequirement/"required"}}. [=Request a - credential|Requesting a DigitalCredential credential=] does not support - {{CredentialMediationRequirement/"conditional"}}, - {{CredentialMediationRequirement/"optional"}}, or - {{CredentialMediationRequirement/"silent"}} [=user mediation=]. If - {{CredentialsContainer/get()}} is called with anything other than - {{CredentialMediationRequirement/"required"}}, a {{TypeError}} will be - thrown. + The {{DigitalCredential}} interface mandates [=user mediation=] for all + operations to ensure user control and consent.

+

+ For {{CredentialsContainer/get()}} and {{CredentialsContainer/create()}} + calls involving a {{DigitalCredential}}: +

+ 
     [Exposed=Window, SecureContext]
     interface DigitalCredential : Credential {

From 84757821461e247e0ad6f3047e94c864b7c77267 Mon Sep 17 00:00:00 2001
From: Mohamed Amir Yosef 
Date: Mon, 3 Nov 2025 20:44:38 +0100
Subject: [PATCH 2/4] Remove non-algorithmic sentences and avoid calling out
 the TypeError

---
 index.html | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/index.html b/index.html
index 4c06b8e0..c9ce6019 100644
--- a/index.html
+++ b/index.html
@@ -867,23 +867,14 @@ 

       operations to ensure user control and consent.
     

     

-      For {{CredentialsContainer/get()}} and {{CredentialsContainer/create()}}
-      calls involving a {{DigitalCredential}}:
-    

-    
    
-      
  • [=User mediation=] is always performed as if the `mediation` option
-      was set to {{CredentialMediationRequirement/"required"}}.
-      
    • 
-      
  • The `mediation` member of the {{CredentialRequestOptions}} and
-      {{CredentialCreationOptions}} dictionaries is ignored.
-      
    • 
-      
  • To simplify the developer experience, [=user agents=] MUST NOT throw
-      a {{TypeError}} if the `mediation` member is absent or has a value other
-      than {{CredentialMediationRequirement/"required"}}. This makes
+      To simplify the developer experience, for {{CredentialsContainer/get()}}
+      and {{CredentialsContainer/create()}} calls involving a
+      {{DigitalCredential}}, [=user agents=] MUST NOT throw an error if the
+      `mediation` member is absent or has a value other than
+      {{CredentialMediationRequirement/"required"}}. This makes
       {{CredentialMediationRequirement/"required"}} mediation an implicit and
       non-overridable behavior of the API.
-      
    • 
-    

+    

     
     [Exposed=Window, SecureContext]
     interface DigitalCredential : Credential {

From 549fba4c1c721a849972bc6275b3d8aaadd6fb15 Mon Sep 17 00:00:00 2001
From: Mohamed Amir Yosef 
Date: Thu, 6 Nov 2025 20:08:09 +0100
Subject: [PATCH 3/4] Split mediation text into two paragraphs: one deals with
 get() other deals with create().

---
 index.html | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/index.html b/index.html
index c9ce6019..fd5dd23d 100644
--- a/index.html
+++ b/index.html
@@ -867,11 +867,14 @@ 

       operations to ensure user control and consent.
     

     

-      To simplify the developer experience, for {{CredentialsContainer/get()}}
-      and {{CredentialsContainer/create()}} calls involving a
+      To simplify the developer experience of {{CredentialsContainer/get()}}
+      calls involving a {{DigitalCredential}}, [=user agents=] MUST NOT throw
+      an error if the {{CredentialRequestOptions/mediation}} member is absent
+      or has a value other than {{CredentialMediationRequirement/"required"}}.
+      Similarly, {{CredentialsContainer/create()}} calls involving a
       {{DigitalCredential}}, [=user agents=] MUST NOT throw an error if the
-      `mediation` member is absent or has a value other than
-      {{CredentialMediationRequirement/"required"}}. This makes
+      {{CredentialCreationOptions/mediation}} member is absent or has a value
+      other than {{CredentialMediationRequirement/"required"}}. This makes
       {{CredentialMediationRequirement/"required"}} mediation an implicit and
       non-overridable behavior of the API.
     


From 4ad6a1740c217837a5430f1eadebd07475d4a9eb Mon Sep 17 00:00:00 2001
From: Mohamed Amir Yosef 
Date: Thu, 6 Nov 2025 20:37:35 +0100
Subject: [PATCH 4/4] Update index.html

Co-authored-by: Ted Thibodeau Jr 
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index fd5dd23d..3e705211 100644
--- a/index.html
+++ b/index.html
@@ -871,7 +871,7 @@ 

       calls involving a {{DigitalCredential}}, [=user agents=] MUST NOT throw
       an error if the {{CredentialRequestOptions/mediation}} member is absent
       or has a value other than {{CredentialMediationRequirement/"required"}}.
-      Similarly, {{CredentialsContainer/create()}} calls involving a
+      Similarly, in {{CredentialsContainer/create()}} calls involving a
       {{DigitalCredential}}, [=user agents=] MUST NOT throw an error if the
       {{CredentialCreationOptions/mediation}} member is absent or has a value
       other than {{CredentialMediationRequirement/"required"}}. This makes