Distiguish get and create

w3c · Jul 1, 2024 · 480c51f · 480c51f
1 parent 3d119ce
commit 480c51f
Showing 1 changed file with 23 additions and 6 deletions.
diff --git a/index.bs b/index.bs
@@ -320,7 +320,8 @@ spec:css-syntax-3;
         <small>(in alphabetical order)</small></th>
         <th><dfn for="credential type registry">Options Member Identifier</dfn></th>
         <th><dfn for="credential type registry">Appropriate Interface Object</dfn></th>
-        <th><dfn for="credential type registry">Corresponding Permissions Policy</dfn></th>
+        <th><dfn for="credential type registry">Get Permissions Policy</dfn></th>
+        <th><dfn for="credential type registry">Create Permissions Policy</dfn></th>
         <th>Specification</th>
         <th>Requestor Contact</th>
       </tr>
@@ -330,6 +331,7 @@ spec:css-syntax-3;
         <td>digital</td>
         <td>{{DigitalCredential}}</td>
         <td>digital-credentials-get</td>
+        <td>null</td>
         <td>[[DIGITAL-CREDENTIALS]]</td>
         <td><a href="https://wicg.io/">WICG</a></td>
     </tr>
@@ -338,6 +340,7 @@ spec:css-syntax-3;
         <td>federated</td>
         <td>{{FederatedCredential}}</td>
         <td>null</td>
+        <td>null</td>
         <td>This specification: [[#federated]]</td>
         <td><a href="https://www.w3.org/2011/webappsec/">W3C</a></td>
     </tr>
@@ -346,6 +349,7 @@ spec:css-syntax-3;
         <td>identity</td>
         <td>{{IdentityCredential}}</td>
         <td>[=identity-credentials-get=]</td>
+        <td>null</td>
         <td>[[FEDCM]]</td>
         <td><a href="https://www.w3.org/community/fed-id/">W3C</a></td>
     </tr>
@@ -362,6 +366,7 @@ spec:css-syntax-3;
         <td>password</td>
         <td>{{PasswordCredential}}</td>
         <td>null</td>
+        <td>null</td>
         <td>This specification: [[#passwords]]</td>
         <td><a href="https://www.w3.org/2011/webappsec/">W3C</a></td>
     </tr>
@@ -370,6 +375,7 @@ spec:css-syntax-3;
         <td>publicKey</td>
         <td>{{PublicKeyCredential}}</td>
         <td>[=publickey-credentials-get-feature|publickey-credentials-get=]</td>
+        <td>[=publickey-credentials-create-feature|publickey-credentials-create=]</td>
         <td>[[WEBAUTHN]]</td>
         <td><a href="https://www.w3.org/blog/webauthn/">W3C</a></td>
     </tr>
@@ -391,8 +397,11 @@ spec:css-syntax-3;
   * Each registry entry must state the [=credential type registry/Appropriate Interface Object=] [=identifier=] for the
     [=credential type registry/credential type=].
 
-  * Each registry entry may state the [=credential type registry/Corresponding Permissions Policy=] [=permission=] for the
-    [=credential type registry/credential type=].
+  * Each registry entry may state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing <a abstract-op>Request a `Credential`</a>
+    for a [=credential type registry/credential type=].
+
+  * Each registry entry may state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing <a abstract-op>Create a `Credential`</a>
+    for a [=credential type registry/credential type=].
 
   * Each registry entry must include a link that references a publicly available specification
     defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=].
@@ -995,7 +1004,7 @@ spec:css-syntax-3;
     1.  Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its
         ancestors=], and `false` otherwise.
 
-    1. For each |permission| in |options|' [=credential type registry/Corresponding Permissions Policy=]:
+    1. For each |permission| in |options|' [=credential type registry/Get Permissions Policy=]:
 
         1. If |permission| is null, continue.
 
@@ -1169,12 +1178,20 @@ spec:css-syntax-3;
 
     1.  Let |global| be |settings|' [=environment settings object/global object=].
 
-    1.  If |settings|'s [=relevant global object=]'s [=associated Document=] is not [=Document/fully active=],
-        then return [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}.
+    1.  Let |document| be the [=relevant global object=]'s [=associated Document=].
+
+    1.  If |document| is not [=Document/fully active=], then return
+        [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}.
 
     1.  Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin
         with its ancestors=], and `false` otherwise.
 
+    1. Let |permission| be |options| [=credential type registry/Create Permissions Policy=]:
+
+    1. If |permission| is not null, and |document| is **not** [=allowed to use=]
+       the |permission| [=policy-controlled feature=], return [=a promise rejected with=]
+       a "{{NotAllowedError}}" {{DOMException}}.
+
     1.  If |options|[{{CredentialCreationOptions/publicKey}}] [=map/exists=] and
         if |settings|' [=relevant global object=]'s [=associated Document=] is **not**
         [=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=]