DRAFT: Backup eligibility parameter during registration

index.bs

@@ -2769,6 +2769,7 @@ attributes.
  DOMString residentKey;
  boolean requireResidentKey = false;
  DOMString userVerification = "preferred";
+ DOMString backupEligible = "any";
  };
 </xmp>
 
@@ -2798,6 +2799,12 @@ attributes.
  The value SHOULD be a member of {{UserVerificationRequirement}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the [=map/exist|member does not exist=].
 
  See {{UserVerificationRequirement}} for the description of {{AuthenticatorSelectionCriteria/userVerification}}'s values and semantics.
+
+ : <dfn>backupEligible</dfn>
+ :: Specifies the extent to which the [=[RP]=] desires to create a [=backup eligible=] [=credential=].
+ The value SHOULD be a member of {{BackupEligibilityRequirement}} but [=client platforms=] MUST ignore unknown values, treating an unknown value as if the [=map/exist|member does not exist=].
+
+ See {{BackupEligibilityRequirement}} for the description of {{AuthenticatorSelectionCriteria/backupEligible}}'s values and semantics.
 </div>
 
 
@@ -3414,6 +3421,63 @@ Note: The {{UserVerificationRequirement}} enumeration is deliberately not refere
 </div>
 
 
+### Backup Eligibility Requirement Enumeration (enum <dfn enum>BackupEligibilityRequirement</dfn>) ### {#enum-backupEligibilityRequirement}
+
+<xmp class="idl">
+ enum BackupEligibilityRequirement {
+ "forbidden",
+ "discouraged",
+ "any",
+ "preferred",
+ "required"
+ };
+</xmp>
+
+A [=[WRP]=] may desire for [=credentials=] to be [=backup eligible=] or not,
+and may use this type to express its preference during [=registration=].
+
+Note: The {{BackupEligibilityRequirement}} enumeration is deliberately not referenced, see [[#sct-domstring-backwards-compatibility]].
+
+<div dfn-type="enum-value" dfn-for="BackupEligibilityRequirement">
+ : <dfn>forbidden</dfn>
+ :: The [=[RP]=] wants to create a [=single-device credential=] and intends to reject the registration
+ if a [=multi-device credential=] is created.
+
+ The [=client=] SHOULD guide the user to create a [=single-device credential=] if possible.
+ The [=client=] MAY allow the user to create a [=multi-device credential=] anyway,
+ but SHOULD warn the user that it is unlikely to be accepted by the [=[RP]=].
+
+ : <dfn>discouraged</dfn>
+ :: The [=[RP]=] prefers to create a [=single-device credential=] but intends to accept the registration
+ even if a [=multi-device credential=] is created.
+
+ The [=client=] SHOULD guide the user to create a [=single-device credential=] if possible.
+ The [=client=] MAY allow the user to create a [=multi-device credential=] anyway,
+ and MAY warn the user that it might not be accepted by the [=[RP]=].
+
+ : <dfn>any</dfn>
+ :: The [=[RP]=] has no preference and intends to accept either a [=single-device credential=] or a [=multi-device credential=].
+
+ The [=client=] and [=authenticator=] MAY create either a [=single-device credential=] or a [=multi-device credential=].
+
+ : <dfn>preferred</dfn>
+ :: The [=[RP]=] prefers to create a [=multi-device credential=] but intends to accept the registration
+ even if a [=single-device credential=] is created.
+
+ The [=client=] SHOULD guide the user to create a [=multi-device credential=] if possible.
+ The [=client=] MAY allow the user to create a [=single-device credential=] anyway,
+ and MAY warn the user that it might not be accepted by the [=[RP]=].
+
+ : <dfn>required</dfn>
+ :: The [=[RP]=] wants to create a [=multi-device credential=] and intends to reject the registration
+ if a [=single-device credential=] is created.
+
+ The [=client=] SHOULD guide the user to create a [=multi-device credential=] if possible.
+ The [=client=] MAY allow the user to create a [=single-device credential=] anyway,
+ but SHOULD warn the user that it is unlikely to be accepted by the [=[RP]=].
+</div>
+
+
 ## Permissions Policy integration ## {#sctn-permissions-policy}
 
 This specification defines one [=policy-controlled feature=] identified by