Add authenticator attachment used during authentication to assertion payload #1668

Merged
merged 14 commits into from
Oct 7, 2021
19 changes: 18 additions & 1 deletion index.bs
Expand Up @@ -1370,6 +1370,7 @@ that are returned to the caller when a new credential is created, or a new asser
interface PublicKeyCredential : Credential {
[SameObject] readonly attribute ArrayBuffer rawId;
[SameObject] readonly attribute AuthenticatorResponse response;
[SameObject] readonly attribute DOMString? authenticatorAttachment;
AuthenticationExtensionsClientOutputs getClientExtensionResults();
};
</xmp>
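Review bot: [SameObject] does not fit the new authenticatorAttachment attribute, because it is typed DOMString? and Web IDL reserves [SameObject] for readonly attributes whose type is an interface type or object. rawId and response qualify, a nullable string does not. Suggest declaring the line as "readonly attribute DOMString? authenticatorAttachment;" with no extended attribute.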
Expand All @@ -1388,6 +1389,11 @@ that are returned to the caller when a new credential is created, or a new asser
{{CredentialsContainer/create()}}, this attribute's value will be an {{AuthenticatorAttestationResponse}}, otherwise,
the {{PublicKeyCredential}} was created in response to {{CredentialsContainer/get()}}, and this attribute's value
will be an {{AuthenticatorAssertionResponse}}.

: <dfn>authenticatorAttachment</dfn>
:: The value SHOULD be a member of {{AuthenticatorAttachment}} used to communicate to the [=authenticator=], and Relying Parties SHOULD treat unknown values as if the value were null.
This attribute may be used by RPs in conjunction with {{isUserVerifyingPlatformAuthenticatorAvailable}} to prompt user to register a platform authenticator if it is available and the user is currently being authenticated
with a cross-platform attachment. See [[#sctn-authenticator-attachment-modality]].

: {{PublicKeyCredential/getClientExtensionResults()}}
:: This operation returns the value of {{PublicKeyCredential/[[clientExtensionsResults]]}}, which is a [=map=] containing
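Review bot: The authenticatorAttachment definition never says what the value describes. "a member of {{AuthenticatorAttachment}} used to communicate to the [=authenticator=]" reads as if the enum itself were the communication channel, and the null case is not mentioned here at all. Suggest stating that the attribute reports the attachment modality in effect when the create() or get() call completed, and that it is null when the client has no such information. The only use the paragraph gives is prompting the user to register a platform authenticator, so it would help to say plainly that the value is a hint for that prompt. Smaller points in the same paragraph: "may" should be the RFC 2119 "MAY" if it is meant normatively, "RPs" should match the "Relying Parties" used one sentence earlier, and "prompt user" needs an article.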
Expand Down Expand Up @@ -1857,6 +1863,12 @@ a numbered step. If outdented, it (today) is rendered either as a bullet in the
: {{PublicKeyCredential/[[identifier]]}}
:: |id|

: {{PublicKeyCredential/authenticatorAttachment}}
:: The value of the authenticator attachment type used to communicate to the [=authenticator=].
Values SHOULD be members of the {{AuthenticatorAttachment}} enum based on the transport returned
by authenticator following successful registration. If the user agent does not
have any authenticator attachment information, set the value to null.

: {{PublicKeyCredential/response}}
:: A new {{AuthenticatorAttestationResponse}} object associated with |global| whose fields are:

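Review bot: In the authenticatorAttachment field of the registration algorithm, "based on the transport returned by authenticator" gives the user agent no defined way to derive the value. The text does not say which transport is meant (the one the client used to reach the authenticator, or something the authenticator reports), nor how a transport maps to an {{AuthenticatorAttachment}} member. Suggest naming the transport explicitly and giving the mapping, or pointing to [[#sctn-authenticator-attachment-modality]] for it. "Values SHOULD be members" also leaves open what else the user agent might set besides null, which is worth closing off or explaining here. Minor: "by authenticator" is missing "the".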
Expand Down Expand Up @@ -2223,10 +2235,15 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Let |pubKeyCred| be a new {{PublicKeyCredential}} object associated with |global| whose fields are:

: {{PublicKeyCredential/[[identifier]]}}

:: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of
<code>|assertionCreationData|.[=credentialIdResult=]</code>.

: {{PublicKeyCredential/authenticatorAttachment}}
:: The value of the authenticator attachment type used to communicate to the [=authenticator=].
Values SHOULD be members of the {{AuthenticatorAttachment}} enum based on the transport returned
by authenticator following successful authentication. If the user agent does not
have any authenticator attachment information, set the value to null.

: {{PublicKeyCredential/response}}
:: A new {{AuthenticatorAssertionResponse}} object associated with |global| whose fields are:

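Review bot: The authenticatorAttachment field in the assertion algorithm repeats the registration wording with only "registration" changed to "authentication", so the two copies can drift and they share the same undefined "transport returned by authenticator" mapping. Suggest defining the derivation once and referencing it from both algorithms. Since the title of this change is about the attachment used during authentication, this step should also state that the value reflects the attachment used for the current get() ceremony and not the one recorded when the credential was registered. The cross-platform prompt use case in the attribute definition depends on that reading.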