diff --git a/index.html b/index.html
index bcc9dc4..fe658e1 100644
--- a/index.html
+++ b/index.html
@@ -1058,9 +1058,10 @@
 			   comprising the first items of each top-level section. */
 			margin-top: 1.1rem;
 		}
-		#toc .secno {
+		#toc#toc .secno { /* Ugh, need more specificity to override base.css */
 			grid-column: 1;
 			width: auto;
+			margin-left: 0;
 		}
 		#toc .content {
 			grid-column: 2;
@@ -1211,9 +1212,8 @@
 		}
 	}
 </style>
-  <meta content="Bikeshed version 6bebf68aed1298eb5349b6cdea3fab1e79551a6f" name="generator">
+  <meta content="Bikeshed version dff342f4b23fb230b71436fb31b55f5f169715bd" name="generator">
   <link href="http://www.w3.org/TR/credential-management-1/" rel="canonical">
-  <meta content="6851e69d938259cb80b2eacb8b2d54c4df381be6" name="document-revision">
 <style>/* style-md-lists */
 
 /* This is a weird hack for me not yet following the commonmark spec
@@ -1414,64 +1414,64 @@
 .highlight:not(.idl) { background: hsl(24, 20%, 95%); }
 code.highlight { padding: .1em; border-radius: .3em; }
 pre.highlight, pre > code.highlight { display: block; padding: 1em; margin: .5em 0; overflow: auto; border-radius: 0; }
-.highlight .c { color: #708090 } /* Comment */
-.highlight .k { color: #990055 } /* Keyword */
-.highlight .l { color: #000000 } /* Literal */
-.highlight .n { color: #0077aa } /* Name */
-.highlight .o { color: #999999 } /* Operator */
-.highlight .p { color: #999999 } /* Punctuation */
-.highlight .cm { color: #708090 } /* Comment.Multiline */
-.highlight .cp { color: #708090 } /* Comment.Preproc */
-.highlight .c1 { color: #708090 } /* Comment.Single */
-.highlight .cs { color: #708090 } /* Comment.Special */
-.highlight .kc { color: #990055 } /* Keyword.Constant */
-.highlight .kd { color: #990055 } /* Keyword.Declaration */
-.highlight .kn { color: #990055 } /* Keyword.Namespace */
-.highlight .kp { color: #990055 } /* Keyword.Pseudo */
-.highlight .kr { color: #990055 } /* Keyword.Reserved */
-.highlight .kt { color: #990055 } /* Keyword.Type */
-.highlight .ld { color: #000000 } /* Literal.Date */
-.highlight .m { color: #000000 } /* Literal.Number */
-.highlight .s { color: #a67f59 } /* Literal.String */
-.highlight .na { color: #0077aa } /* Name.Attribute */
-.highlight .nc { color: #0077aa } /* Name.Class */
-.highlight .no { color: #0077aa } /* Name.Constant */
-.highlight .nd { color: #0077aa } /* Name.Decorator */
-.highlight .ni { color: #0077aa } /* Name.Entity */
-.highlight .ne { color: #0077aa } /* Name.Exception */
-.highlight .nf { color: #0077aa } /* Name.Function */
-.highlight .nl { color: #0077aa } /* Name.Label */
-.highlight .nn { color: #0077aa } /* Name.Namespace */
-.highlight .py { color: #0077aa } /* Name.Property */
-.highlight .nt { color: #669900 } /* Name.Tag */
-.highlight .nv { color: #222222 } /* Name.Variable */
-.highlight .ow { color: #999999 } /* Operator.Word */
-.highlight .mb { color: #000000 } /* Literal.Number.Bin */
-.highlight .mf { color: #000000 } /* Literal.Number.Float */
-.highlight .mh { color: #000000 } /* Literal.Number.Hex */
-.highlight .mi { color: #000000 } /* Literal.Number.Integer */
-.highlight .mo { color: #000000 } /* Literal.Number.Oct */
-.highlight .sb { color: #a67f59 } /* Literal.String.Backtick */
-.highlight .sc { color: #a67f59 } /* Literal.String.Char */
-.highlight .sd { color: #a67f59 } /* Literal.String.Doc */
-.highlight .s2 { color: #a67f59 } /* Literal.String.Double */
-.highlight .se { color: #a67f59 } /* Literal.String.Escape */
-.highlight .sh { color: #a67f59 } /* Literal.String.Heredoc */
-.highlight .si { color: #a67f59 } /* Literal.String.Interpol */
-.highlight .sx { color: #a67f59 } /* Literal.String.Other */
-.highlight .sr { color: #a67f59 } /* Literal.String.Regex */
-.highlight .s1 { color: #a67f59 } /* Literal.String.Single */
-.highlight .ss { color: #a67f59 } /* Literal.String.Symbol */
-.highlight .vc { color: #0077aa } /* Name.Variable.Class */
-.highlight .vg { color: #0077aa } /* Name.Variable.Global */
-.highlight .vi { color: #0077aa } /* Name.Variable.Instance */
-.highlight .il { color: #000000 } /* Literal.Number.Integer.Long */
+c-[a] { color: #990055 } /* Keyword.Declaration */
+c-[b] { color: #990055 } /* Keyword.Type */
+c-[c] { color: #708090 } /* Comment */
+c-[d] { color: #708090 } /* Comment.Multiline */
+c-[e] { color: #0077aa } /* Name.Attribute */
+c-[f] { color: #669900 } /* Name.Tag */
+c-[g] { color: #222222 } /* Name.Variable */
+c-[k] { color: #990055 } /* Keyword */
+c-[l] { color: #000000 } /* Literal */
+c-[m] { color: #000000 } /* Literal.Number */
+c-[n] { color: #0077aa } /* Name */
+c-[o] { color: #999999 } /* Operator */
+c-[p] { color: #999999 } /* Punctuation */
+c-[s] { color: #a67f59 } /* Literal.String */
+c-[t] { color: #a67f59 } /* Literal.String.Single */
+c-[u] { color: #a67f59 } /* Literal.String.Double */
+c-[cp] { color: #708090 } /* Comment.Preproc */
+c-[c1] { color: #708090 } /* Comment.Single */
+c-[cs] { color: #708090 } /* Comment.Special */
+c-[kc] { color: #990055 } /* Keyword.Constant */
+c-[kn] { color: #990055 } /* Keyword.Namespace */
+c-[kp] { color: #990055 } /* Keyword.Pseudo */
+c-[kr] { color: #990055 } /* Keyword.Reserved */
+c-[ld] { color: #000000 } /* Literal.Date */
+c-[nc] { color: #0077aa } /* Name.Class */
+c-[no] { color: #0077aa } /* Name.Constant */
+c-[nd] { color: #0077aa } /* Name.Decorator */
+c-[ni] { color: #0077aa } /* Name.Entity */
+c-[ne] { color: #0077aa } /* Name.Exception */
+c-[nf] { color: #0077aa } /* Name.Function */
+c-[nl] { color: #0077aa } /* Name.Label */
+c-[nn] { color: #0077aa } /* Name.Namespace */
+c-[py] { color: #0077aa } /* Name.Property */
+c-[ow] { color: #999999 } /* Operator.Word */
+c-[mb] { color: #000000 } /* Literal.Number.Bin */
+c-[mf] { color: #000000 } /* Literal.Number.Float */
+c-[mh] { color: #000000 } /* Literal.Number.Hex */
+c-[mi] { color: #000000 } /* Literal.Number.Integer */
+c-[mo] { color: #000000 } /* Literal.Number.Oct */
+c-[sb] { color: #a67f59 } /* Literal.String.Backtick */
+c-[sc] { color: #a67f59 } /* Literal.String.Char */
+c-[sd] { color: #a67f59 } /* Literal.String.Doc */
+c-[se] { color: #a67f59 } /* Literal.String.Escape */
+c-[sh] { color: #a67f59 } /* Literal.String.Heredoc */
+c-[si] { color: #a67f59 } /* Literal.String.Interpol */
+c-[sx] { color: #a67f59 } /* Literal.String.Other */
+c-[sr] { color: #a67f59 } /* Literal.String.Regex */
+c-[ss] { color: #a67f59 } /* Literal.String.Symbol */
+c-[vc] { color: #0077aa } /* Name.Variable.Class */
+c-[vg] { color: #0077aa } /* Name.Variable.Global */
+c-[vi] { color: #0077aa } /* Name.Variable.Instance */
+c-[il] { color: #000000 } /* Literal.Number.Integer.Long */
 </style>
  <body class="h-entry">
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
    <h1>Credential Management Level 1</h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2018-06-19">19 June 2018</time></span></h2>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2018-09-28">28 September 2018</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -1483,7 +1483,7 @@ <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="cont
      <dt>Version History:
      <dd><a href="https://github.com/w3c/webappsec-credential-management/commits/master/index.src.html">https://github.com/w3c/webappsec-credential-management/commits/master/index.src.html</a>
      <dt>Feedback:
-     <dd><span><a href="mailto:public-webappsec@w3.org?subject=%5Bcredential-management%5D%20YOUR%20TOPIC%20HERE">public-webappsec@w3.org</a> with subject line “<kbd>[credential-management] <i data-lt="">… message topic …</i></kbd>” (<a href="https://lists.w3.org/Archives/Public/public-webappsec/" rel="discussion">archives</a>)</span>
+     <dd><span><a href="mailto:public-webappsec@w3.org?subject=%5Bcredential-management%5D%20YOUR%20TOPIC%20HERE">public-webappsec@w3.org</a> with subject line “<kbd>[credential-management] <i data-lt>… message topic …</i></kbd>” (<a href="https://lists.w3.org/Archives/Public/public-webappsec/" rel="discussion">archives</a>)</span>
      <dt class="editor">Editor:
      <dd class="editor p-author h-card vcard" data-editor-id="56384"><a class="p-name fn u-email email" href="mailto:mkwst@google.com">Mike West</a> (<span class="p-org org">Google Inc.</span>)
      <dt>Participate:
@@ -1539,7 +1539,14 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
       <li>
        <a href="#the-credential-interface"><span class="secno">2.2</span> <span class="content">The <code>Credential</code> Interface</span></a>
        <ol class="toc">
-        <li><a href="#credential-internal-methods"><span class="secno">2.2.1</span> <span class="content"><code>Credential</code> Internal Methods</span></a>
+        <li>
+         <a href="#credential-internal-methods"><span class="secno">2.2.1</span> <span class="content"><code>Credential</code> Internal Methods</span></a>
+         <ol class="toc">
+          <li><a href="#algorithm-collect-creds"><span class="secno">2.2.1.1</span> <span class="content"><code>[[CollectFromCredentialStore]]</code> internal method</span></a>
+          <li><a href="#algorithm-discover-creds"><span class="secno">2.2.1.2</span> <span class="content"><code>[[DiscoverFromExternalSource]]</code> internal method</span></a>
+          <li><a href="#algorithm-store-cred"><span class="secno">2.2.1.3</span> <span class="content"><code>[[Store]]</code> internal method</span></a>
+          <li><a href="#algorithm-create-cred"><span class="secno">2.2.1.4</span> <span class="content"><code>[[Create]]</code> internal method</span></a>
+         </ol>
         <li><a href="#credentialuserdata-mixin"><span class="secno">2.2.2</span> <span class="content"><code>CredentialUserData</code> Mixin</span></a>
        </ol>
       <li>
@@ -1577,8 +1584,8 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
       <li>
        <a href="#passwordcredential-algorithms"><span class="secno">3.3</span> <span class="content">Algorithms</span></a>
        <ol class="toc">
-        <li><a href="#collectfromcredentialstore-passwordcredential"><span class="secno">3.3.1</span> <span class="content"> <code>PasswordCredential</code>'s <code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code> </span></a>
-        <li><a href="#create-passwordcredential"><span class="secno">3.3.2</span> <span class="content"> <code>PasswordCredential</code>'s <code>[[Create]](options, sameOriginWithAncestors)</code> </span></a>
+        <li><a href="#collectfromcredentialstore-passwordcredential"><span class="secno">3.3.1</span> <span class="content"> <code>PasswordCredential</code>'s <code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code> </span></a>
+        <li><a href="#create-passwordcredential"><span class="secno">3.3.2</span> <span class="content"> <code>PasswordCredential</code>'s <code>[[Create]](origin, options, sameOriginWithAncestors)</code> </span></a>
         <li><a href="#store-passwordcredential"><span class="secno">3.3.3</span> <span class="content"> <code>PasswordCredential</code>'s <code>[[Store]](credential, sameOriginWithAncestors)</code> </span></a>
         <li><a href="#construct-passwordcredential-form"><span class="secno">3.3.4</span> <span class="content"> Create a <code>PasswordCredential</code> from an <code>HTMLFormElement</code> </span></a>
         <li><a href="#construct-passwordcredential-data"><span class="secno">3.3.5</span> <span class="content"> Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code> </span></a>
@@ -1596,8 +1603,8 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
       <li>
        <a href="#federatedcredential-algorithms"><span class="secno">4.2</span> <span class="content">Algorithms</span></a>
        <ol class="toc">
-        <li><a href="#collectfromcredentialstore-federatedcredential"><span class="secno">4.2.1</span> <span class="content"> <code>FederatedCredential</code>'s <code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code> </span></a>
-        <li><a href="#create-federatedcredential"><span class="secno">4.2.2</span> <span class="content"> <code>FederatedCredential</code>'s <code>[[Create]](options, sameOriginWithAncestors)</code> </span></a>
+        <li><a href="#collectfromcredentialstore-federatedcredential"><span class="secno">4.2.1</span> <span class="content"> <code>FederatedCredential</code>'s <code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code> </span></a>
+        <li><a href="#create-federatedcredential"><span class="secno">4.2.2</span> <span class="content"> <code>FederatedCredential</code>'s <code>[[Create]](origin, options, sameOriginWithAncestors)</code> </span></a>
         <li><a href="#store-federatedcredential"><span class="secno">4.2.3</span> <span class="content"> <code>FederatedCredential</code>'s <code>[[Store]](credential, sameOriginWithAncestors)</code> </span></a>
         <li><a href="#construct-federatedcredential-data"><span class="secno">4.2.4</span> <span class="content"> Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code> </span></a>
        </ol>
@@ -1691,14 +1698,14 @@ <h3 class="heading settled" data-level="1.1" id="use-cases"><span class="secno">
   hodgepodge of heuristics meant to detect and fill sign-in forms, password change forms, etc.</p>
     <p>A few problems with the status quo stand out as being particularly noteworthy:</p>
     <ul>
-     <li data-md="">
+     <li data-md>
       <p>User agents have an incredibly difficult time helping users with
   federated identity providers. While detecting a username/password
   form submission is fairly straightforward, detecting sign-in via a
   third-party is quite difficult to reliably do well. It would be nice
   if a website could help the user agent understand the intent behind the
   redirects associated with a typical federated sign-in action.</p>
-     <li data-md="">
+     <li data-md>
       <p>Likewise, user agents struggle to detect more esoteric sign-in
   mechanisms than simple username/password forms. Authors increasingly
   asynchronously sign users in via <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#xmlhttprequest" id="ref-for-xmlhttprequest①">XMLHttpRequest</a></code> or similar
@@ -1707,7 +1714,7 @@ <h3 class="heading settled" data-level="1.1" id="use-cases"><span class="secno">
   integrate into their password managers. It would be nice if a website
   could help the user agent make sense of the sign-in mechanism they
   choose to use.</p>
-     <li data-md="">
+     <li data-md>
       <p>Finally, changing passwords is less well-supported than it could be if
   the website explicitly informed the user agent that credentials had
   changed.</p>
@@ -1715,7 +1722,7 @@ <h3 class="heading settled" data-level="1.1" id="use-cases"><span class="secno">
    </section>
    <section>
     <h2 class="heading settled" data-level="2" id="core"><span class="secno">2. </span><span class="content">Core API</span><a class="self-link" href="#core"></a></h2>
-    <p>From a developer’s perspective, a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export="" id="concept-credential">credential</dfn> is an
+    <p>From a developer’s perspective, a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="concept-credential">credential</dfn> is an
   object which allows a developer to make an authentication decision for a particular action. This
   section defines a generic and extensible <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential">Credential</a></code> interface which serves as a base class
   for <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential②">credentials</a> defined in this and other documents, along with a set of APIs
@@ -1723,18 +1730,18 @@ <h2 class="heading settled" data-level="2" id="core"><span class="secno">2. </sp
   obtain them.</p>
     <p>Various types of <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential③">credentials</a> are represented to JavaScript as an interface which <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-inherit" id="ref-for-dfn-inherit">inherits</a>, either directly or indirectly, from the <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①">Credential</a></code> interface. This
   document defines two such interfaces, <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential">PasswordCredential</a></code> and <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential">FederatedCredential</a></code>.</p>
-    <p>A <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential④">credential</a> is <dfn class="dfn-paneled" data-dfn-for="credential" data-dfn-type="dfn" data-export="" id="credential-effective">effective</dfn> for a particular <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin">origin</a> if it
+    <p>A <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential④">credential</a> is <dfn class="dfn-paneled" data-dfn-for="credential" data-dfn-type="dfn" data-export id="credential-effective">effective</dfn> for a particular <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin">origin</a> if it
   is accepted as authentication on that origin. Even if a credential is effective at a particular
   point in time, the UA can’t assume that the same credential will be effective at any future time,
   for a couple reasons:</p>
     <ol>
-     <li data-md="">
+     <li data-md>
       <p>A password credential may stop being effective if the account holder changes their password.</p>
-     <li data-md="">
+     <li data-md>
       <p>A credential made from a token received over SMS is likely to only be effective for a single
  use.</p>
     </ol>
-    <p>Single-use <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential⑤">credentials</a> are generated by a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export="" id="credential-source">credential source</dfn>, which could be
+    <p>Single-use <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential⑤">credentials</a> are generated by a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="credential-source">credential source</dfn>, which could be
   a private key, access to a federated account, the ability to receive SMS messages at a particular
   phone number, or something else. Credential sources are not exposed to Javascript or explicitly
   represented in this specification. To unify the model, we consider a password to be a credential
@@ -1746,80 +1753,80 @@ <h2 class="heading settled" data-level="2" id="core"><span class="secno">2. </sp
   past, the UA has a better chance of <a href="#user-mediated-selection">offering</a> effective credential
   sources to the user in the future.</p>
     <h3 class="heading settled" data-level="2.1" id="core-infrastructure"><span class="secno">2.1. </span><span class="content">Infrastructure</span><a class="self-link" href="#core-infrastructure"></a></h3>
-    <p>User agents MUST internally provide a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export="" data-lt="credential store" id="concept-credential-store">credential
+    <p>User agents MUST internally provide a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export data-lt="credential store" id="concept-credential-store">credential
   store</dfn>, which is a vendor-specific, opaque storage mechanism to record which <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential⑥">credentials</a> have been <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective">effective</a>. It offers the following capabilities for <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential⑦">credential</a> access and
   persistence:</p>
     <ol>
-     <li data-md="">
-      <p><dfn data-dfn-for="credential store" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-credential-store-store-a-credential">Store a credential<a class="self-link" href="#abstract-opdef-credential-store-store-a-credential"></a></dfn> for later retrieval.
+     <li data-md>
+      <p><dfn data-dfn-for="credential store" data-dfn-type="abstract-op" data-export id="abstract-opdef-credential-store-store-a-credential">Store a credential<a class="self-link" href="#abstract-opdef-credential-store-store-a-credential"></a></dfn> for later retrieval.
   This accepts a <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential⑧">credential</a>, and inserts it into the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store">credential store</a>.</p>
-     <li data-md="">
-      <p><dfn class="dfn-paneled" data-dfn-for="credential store" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-credential-store-retrieve-a-list-of-credentials">Retrieve a list of credentials</dfn>. This
+     <li data-md>
+      <p><dfn class="dfn-paneled" data-dfn-for="credential store" data-dfn-type="abstract-op" data-export id="abstract-opdef-credential-store-retrieve-a-list-of-credentials">Retrieve a list of credentials</dfn>. This
   accepts an arbitrary filter, and returns a set of <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential⑨">credentials</a> that match the filter.</p>
-     <li data-md="">
-      <p><dfn data-dfn-for="credential store" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-credential-store-modify-a-credential">Modify a credential<a class="self-link" href="#abstract-opdef-credential-store-modify-a-credential"></a></dfn>. This accepts a <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⓪">credential</a>, and overwrites the state of an existing <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①①">credential</a> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①">credential store</a>.</p>
+     <li data-md>
+      <p><dfn data-dfn-for="credential store" data-dfn-type="abstract-op" data-export id="abstract-opdef-credential-store-modify-a-credential">Modify a credential<a class="self-link" href="#abstract-opdef-credential-store-modify-a-credential"></a></dfn>. This accepts a <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⓪">credential</a>, and overwrites the state of an existing <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①①">credential</a> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①">credential store</a>.</p>
     </ol>
-    <p>Additionally, the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②">credential store</a> should maintain a <dfn class="dfn-paneled" data-dfn-for="origin" data-dfn-type="dfn" data-noexport="" id="origin-prevent-silent-access-flag"><code>prevent silent access</code> flag</dfn> for <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin①">origins</a> (which is set to <code>true</code> unless otherwise specified).
-  An origin <dfn class="dfn-paneled" data-dfn-for="origin" data-dfn-type="dfn" data-noexport="" id="origin-requires-user-mediation">requires user mediation</dfn> if its flag is set to <code>true</code>.</p>
+    <p>Additionally, the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②">credential store</a> should maintain a <dfn class="dfn-paneled" data-dfn-for="origin" data-dfn-type="dfn" data-noexport id="origin-prevent-silent-access-flag"><code>prevent silent access</code> flag</dfn> for <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin①">origins</a> (which is set to <code>true</code> unless otherwise specified).
+  An origin <dfn class="dfn-paneled" data-dfn-for="origin" data-dfn-type="dfn" data-noexport id="origin-requires-user-mediation">requires user mediation</dfn> if its flag is set to <code>true</code>.</p>
     <p class="note" role="note"><span>Note:</span> The importance of user mediation is discussed in more detail in <a href="#user-mediation">§5 User Mediation</a>.</p>
     <p class="note" role="note"><span>Note:</span> The <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store③">credential store</a> is an internal implementation detail of a user agent’s
   implementation of the API specified in this document, and is not exposed to the web directly.
   More capabilities may be specified by other documents in support of specific <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①②">credential</a> types.</p>
     <p>This document depends on the Infra Standard for a number of foundational concepts used in its
   algorithms and prose <a data-link-type="biblio" href="#biblio-infra">[INFRA]</a>.</p>
-    <p>An <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object">environment settings object</a> (<var>settings</var>) is <dfn class="dfn-paneled" data-dfn-type="dfn" data-lt="same-origin with its ancestors" data-noexport="" id="same-origin-with-its-ancestors">same-origin with its
+    <p>An <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object">environment settings object</a> (<var>settings</var>) is <dfn class="dfn-paneled" data-dfn-type="dfn" data-lt="same-origin with its ancestors" data-noexport id="same-origin-with-its-ancestors">same-origin with its
   ancestors</dfn> if the following algorithm returns <code>true</code>:</p>
     <ol>
-     <li data-md="">
+     <li data-md>
       <p>If <var>settings</var> has no <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#responsible-browsing-context" id="ref-for-responsible-browsing-context">responsible browsing context</a>,
   return <code>false</code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>origin</var> be <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin">origin</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>current</var> be <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#responsible-browsing-context" id="ref-for-responsible-browsing-context①">responsible browsing context</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>While <var>current</var> has a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#parent-browsing-context" id="ref-for-parent-browsing-context">parent browsing context</a>:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>Set <var>current</var> to <var>current</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#parent-browsing-context" id="ref-for-parent-browsing-context①">parent browsing context</a>.</p>
-       <li data-md="">
+       <li data-md>
         <p>If <var>current</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document">active document</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin②">origin</a> is not <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin">same origin</a> with <var>origin</var>,
   return <code>false</code>.</p>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Return <code>true</code>.</p>
     </ol>
     <h3 class="heading settled" data-level="2.2" id="the-credential-interface"><span class="secno">2.2. </span><span class="content">The <code>Credential</code> Interface</span><a class="self-link" href="#the-credential-interface"></a></h3>
-<pre class="idl highlight def">[<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed">Exposed</a>=<span class="n">Window</span>, <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext">SecureContext</a>]
-<span class="kt">interface</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="interface" data-export="" id="credential"><code>Credential</code></dfn> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-credential-id" id="ref-for-dom-credential-id">id</a>;
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString"><span class="kt">DOMString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="DOMString" href="#dom-credential-type" id="ref-for-dom-credential-type">type</a>;
+<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed"><c- g>Exposed</c-></a>=<c- n>Window</c->, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="credential"><code><c- g>Credential</c-></code></dfn> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-credential-id" id="ref-for-dom-credential-id"><c- g>id</c-></a>;
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString"><c- b>DOMString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="DOMString" href="#dom-credential-type" id="ref-for-dom-credential-type"><c- g>type</c-></a>;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export="" id="dom-credential-id"><code>id</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①">USVString</a>, readonly</span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export id="dom-credential-id"><code>id</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①">USVString</a>, readonly</span>
+      <dd data-md>
        <p>The credential’s identifier. The requirements for the identifier are distinct for each type
   of <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①③">credential</a>. It might represent a username for username/password tuples, for example.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export="" id="dom-credential-type"><code>type</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①">DOMString</a>, readonly</span>
-      <dd data-md="">
-       <p>This attribute’s getter returns the value of the object’s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot">[[type]]</a></code> slot, which specifies the kind of credential represented by this object.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export="" id="dom-credential-type-slot"><code>[[type]]</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export id="dom-credential-type"><code>type</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①">DOMString</a>, readonly</span>
+      <dd data-md>
+       <p>This attribute’s getter returns the value of the object’s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot">[[type]]</a></code> slot, which specifies the <a data-link-type="dfn" href="#credential-credential-type" id="ref-for-credential-credential-type">credential type</a> represented by this object.</p>
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export id="dom-credential-type-slot"><code>[[type]]</code></dfn>
+      <dd data-md>
        <p>The <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②">Credential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①">interface object</a> has an internal slot named <code>[[type]]</code>, which
-  unsurprisingly contains a string representing the type of the credential. The slot’s value
+  unsurprisingly contains a string representing the <dfn class="dfn-paneled" data-dfn-for="Credential" data-dfn-type="dfn" data-noexport id="credential-credential-type">credential type</dfn>. The slot’s value
   is the empty string unless otherwise specified.</p>
        <p class="note" role="note"><span>Note:</span> The <code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot①">[[type]]</a></code> slot’s value will be the same for all credentials implementing a
   particular interface, which means that developers can rely on <code>obj.type</code> returning a string
   that unambigiously represents the specific kind of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③">Credential</a></code> they’re dealing with.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export="" id="dom-credential-discovery-slot"><code>[[discovery]]</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export id="dom-credential-discovery-slot"><code>[[discovery]]</code></dfn>
+      <dd data-md>
        <p>The <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④">Credential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②">interface object</a> has an internal slot named <code>[[discovery]]</code>,
   representing the mechanism by which the user agent can collect credentials of
   a given type. Its value is either
-  "<dfn class="dfn-paneled idl-code" data-dfn-for="Credential/[[discovery]]" data-dfn-type="enum-value" data-export="" id="dom-credential-discovery-credential-store"><code>credential store</code></dfn>" or
-  "<dfn class="idl-code" data-dfn-for="Credential/[[discovery]]" data-dfn-type="enum-value" data-export="" id="dom-credential-discovery-remote"><code>remote</code><a class="self-link" href="#dom-credential-discovery-remote"></a></dfn>". The former value means that
+  "<dfn class="dfn-paneled idl-code" data-dfn-for="Credential/[[discovery]]" data-dfn-type="enum-value" data-export id="dom-credential-discovery-credential-store"><code>credential store</code></dfn>" or
+  "<dfn class="idl-code" data-dfn-for="Credential/[[discovery]]" data-dfn-type="enum-value" data-export id="dom-credential-discovery-remote"><code>remote</code><a class="self-link" href="#dom-credential-discovery-remote"></a></dfn>". The former value means that
   all available credential information is stored in the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store④">credential store</a>,
   while the latter means that the user agent can discover credentials outside of those
   explicitly represented in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑤">credential store</a> via interaction with some external device
@@ -1828,97 +1835,111 @@ <h3 class="heading settled" data-level="2.2" id="the-credential-interface"><span
     </div>
     <p class="issue" id="issue-47fed4d0"><a class="self-link" href="#issue-47fed4d0"></a> Talk to Tobie/Dominic about the <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object③">interface object</a> bits, here and in <a href="#algorithm-request">§2.5.1 Request a Credential</a>, etc. I’m not sure I’ve gotten the terminology right. <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-prototype-object" id="ref-for-dfn-interface-prototype-object">interface prototype
   object</a>, maybe?</p>
-    <p>Some <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤">Credential</a></code> objects are <dfn class="dfn-paneled" data-dfn-for="Credential" data-dfn-type="dfn" data-noexport="" id="credential-origin-bound">origin bound</dfn>: these contain an
-  internal slot named <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export="" id="dom-credential-origin-slot"><code>[[origin]]</code></dfn>, which stores the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin③">origin</a> for which the <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑥">Credential</a></code> may be <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective①">effective</a>.</p>
+    <p>Some <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤">Credential</a></code> objects are <dfn class="dfn-paneled" data-dfn-for="Credential" data-dfn-type="dfn" data-noexport id="credential-origin-bound">origin bound</dfn>: these contain an
+  internal slot named <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="attribute" data-export id="dom-credential-origin-slot"><code>[[origin]]</code></dfn>, which stores the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin③">origin</a> for which the <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑥">Credential</a></code> may be <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective①">effective</a>.</p>
     <h4 class="heading settled" data-level="2.2.1" id="credential-internal-methods"><span class="secno">2.2.1. </span><span class="content"><code>Credential</code> Internal Methods</span><a class="self-link" href="#credential-internal-methods"></a></h4>
-    <p>Each <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object④">interface object</a> created for interfaces which <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-inherit" id="ref-for-dfn-inherit①">inherit</a> from <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑦">Credential</a></code> defines several internal methods that allow retrieval and storage of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑧">Credential</a></code> objects:</p>
-    <section class="algorithm" data-algorithm="&apos;collect credentials&apos; internal method">
-      <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export="" id="dom-credential-collectfromcredentialstore-slot"><code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code></dfn> is called with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions">CredentialRequestOptions</a></code> and a boolean which is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object①">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors">same-origin with its ancestors</a>. The algorithm returns a
-    set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑨">Credential</a></code> objects from the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑥">credential store</a> that match the options
-    provided. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⓪">Credential</a></code> objects are available, the returned set will be empty. 
-     <ol class="algorithm">
-      <li data-md="">
-       <p>Return an empty set.</p>
-     </ol>
-    </section>
-    <section class="algorithm" data-algorithm="&apos;discover credentials&apos; internal method">
-      <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export="" id="dom-credential-discoverfromexternalsource-slot"><code>[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</code></dfn> is called with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①">CredentialRequestOptions</a></code> object, and a boolean which is true iff the
-    caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object②">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①">same-origin with its ancestors</a>. It returns a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①①">Credential</a></code> if one can be returned given the options provided, <code>null</code> if no credential is
-    available, or an error if discovery fails (for example, incorrect options could produce a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror">TypeError</a></code>). If this kind of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①②">Credential</a></code> is only <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective②">effective</a> for a single use or a
-    limited time, this method is responsible for generating new <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①④">credentials</a> using a <a data-link-type="dfn" href="#credential-source" id="ref-for-credential-source">credential source</a>. 
-     <ol class="algorithm">
-      <li data-md="">
-       <p>Return <code>null</code>.</p>
-     </ol>
-    </section>
-    <section class="algorithm" data-algorithm="&apos;store a credential&apos; internal method">
-      <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export="" id="dom-credential-store-slot"><code>[[Store]](credential, sameOriginWithAncestors)</code></dfn> is
-    called with a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①③">Credential</a></code>, and a boolean which is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object③">environment
-    settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors②">same-origin with its ancestors</a>. The algorithm returns once <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①④">Credential</a></code> is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑦">credential store</a>: 
-     <ol class="algorithm">
-      <li data-md="">
-       <p>Return <code>undefined</code>.</p>
-     </ol>
-    </section>
-    <section class="algorithm" data-algorithm="&apos;create a credential&apos; internal method">
-      <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export="" id="dom-credential-create-slot"><code>[[Create]](options, sameOriginWithAncestors)</code></dfn> is
-    called with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions">CredentialCreationOptions</a></code>, and a boolean which is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object④">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors③">same-origin with its ancestors</a>. The algorithm returns
-    either a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑤">Credential</a></code>, if one can be created, <code>null</code> if no credential was created, or an
-    error if creation fails due to exceptional situations (for example, incorrect options could
-    produce a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror①">TypeError</a></code>): 
-     <ol class="algorithm">
-      <li data-md="">
-       <p>Return <code>null</code>.</p>
-     </ol>
-    </section>
-    <p>Unless otherwise specified, the <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑤">interface objects</a> for <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface" id="ref-for-dfn-interface">interfaces</a> which <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-inherit" id="ref-for-dfn-inherit②">inherit</a> from <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑥">Credential</a></code> will alias <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑦">Credential</a></code>'s implementation of these three internal methods. Since that
-  implementation isn’t particularly useful, derived interfaces MUST override one or the other.</p>
+    <p>The <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑦">Credential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object④">interface object</a> features several <a data-link-type="dfn" href="https://tc39.github.io/ecma262/#sec-ordinary-object-internal-methods-and-internal-slots" id="ref-for-sec-ordinary-object-internal-methods-and-internal-slots">internal methods</a> facilitating
+  retrieval and storage of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑧">Credential</a></code> objects, with default "no-op" implementations
+  as specified in this section, below.</p>
+    <p>Unless otherwise specified, each <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑤">interface object</a> created for interfaces which <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-inherit" id="ref-for-dfn-inherit①">inherit</a> from <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑨">Credential</a></code> MUST provide implementations for at least one of these internal methods, overriding <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⓪">Credential</a></code>'s default implementations, as appropriate for the <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①④">credential</a> type. E.g., <a href="#passwordcredential-interface">§3.2 The PasswordCredential Interface</a>, <a href="#federatedcredential-interface">§4.1 The FederatedCredential Interface</a>, and <a data-link-type="biblio" href="#biblio-webauthn">[WEBAUTHN]</a>.</p>
+    <h5 class="heading settled algorithm" data-algorithm="[[CollectFromCredentialStore]] internal method" data-level="2.2.1.1" id="algorithm-collect-creds"><span class="secno">2.2.1.1. </span><span class="content"><code>[[CollectFromCredentialStore]]</code> internal method</span><a class="self-link" href="#algorithm-collect-creds"></a></h5>
+     <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export id="dom-credential-collectfromcredentialstore-slot"><code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code></dfn> is called with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin①">origin</a>, a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions">CredentialRequestOptions</a></code>, and a boolean which
+    is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object①">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors">same-origin with its ancestors</a>.
+    The algorithm returns a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①①">Credential</a></code> objects from the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑥">credential store</a> that
+    match the options provided. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①②">Credential</a></code> objects are available, the
+    returned set will be empty. 
+    <p><code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①③">Credential</a></code>'s default implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code>:</p>
+    <ol class="algorithm">
+     <li data-md>
+      <p>Return an empty set.</p>
+    </ol>
+    <h5 class="heading settled algorithm" data-algorithm="[[DiscoverFromExternalSource]] internal method" data-level="2.2.1.2" id="algorithm-discover-creds"><span class="secno">2.2.1.2. </span><span class="content"><code>[[DiscoverFromExternalSource]]</code> internal method</span><a class="self-link" href="#algorithm-discover-creds"></a></h5>
+     <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export id="dom-credential-discoverfromexternalsource-slot"><code>[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</code></dfn> is called <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel">in parallel</a> with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin②">origin</a>, a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①">CredentialRequestOptions</a></code> object,
+    and a boolean which is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object②">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①">same-origin with its ancestors</a>.
+    It returns a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①④">Credential</a></code> if one can be
+    returned given the options provided, <code>null</code> if no credential is available, or an error if
+    discovery fails (for example, incorrect options could produce a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror">TypeError</a></code>). If this
+    kind of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑤">Credential</a></code> is only <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective②">effective</a> for a single use or a limited time, this
+    method is responsible for generating new <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑤">credentials</a> using a <a data-link-type="dfn" href="#credential-source" id="ref-for-credential-source">credential source</a>. 
+    <p><code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑥">Credential</a></code>'s default implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code>:</p>
+    <ol class="algorithm">
+     <li data-md>
+      <p>Return <code>null</code>.</p>
+    </ol>
+    <h5 class="heading settled algorithm" data-algorithm="[[Store]] internal method" data-level="2.2.1.3" id="algorithm-store-cred"><span class="secno">2.2.1.3. </span><span class="content"><code>[[Store]]</code> internal method</span><a class="self-link" href="#algorithm-store-cred"></a></h5>
+     <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export id="dom-credential-store-slot"><code>[[Store]](credential, sameOriginWithAncestors)</code></dfn> is called <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel①">in parallel</a> with a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑦">Credential</a></code>, and a boolean which is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object③">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors②">same-origin with its ancestors</a>.
+    The algorithm returns once <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑧">Credential</a></code> is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑦">credential store</a>. 
+    <p><code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑨">Credential</a></code>'s default implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot">[[Store]](credential, sameOriginWithAncestors)</a></code>:</p>
+    <ol class="algorithm">
+     <li data-md>
+      <p>Return <code>undefined</code>.</p>
+    </ol>
+    <h5 class="heading settled algorithm" data-algorithm="[[Create]] internal method" data-level="2.2.1.4" id="algorithm-create-cred"><span class="secno">2.2.1.4. </span><span class="content"><code>[[Create]]</code> internal method</span><a class="self-link" href="#algorithm-create-cred"></a></h5>
+     <dfn class="dfn-paneled idl-code" data-dfn-for="Credential" data-dfn-type="method" data-export id="dom-credential-create-slot"><code>[[Create]](origin, options, sameOriginWithAncestors)</code></dfn> is called <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel②">in parallel</a> with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin③">origin</a>, a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions">CredentialCreationOptions</a></code>,
+    and a boolean which is true iff the caller’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object④">environment settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors③">same-origin with its ancestors</a>.
+    The algorithm either: 
+    <ul>
+     <li data-md>
+      <p>creates a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⓪">Credential</a></code>, or</p>
+     <li data-md>
+      <p>does not create a credential and returns <code>null</code>, or</p>
+     <li data-md>
+      <p>returns an error if creation fails due to exceptional situations
+  (for example, incorrect options could produce a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror①">TypeError</a></code>).</p>
+    </ul>
+    <p>When creating a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②①">Credential</a></code>, it will return an algorithm that takes a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global">global object</a> and returns an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑥">interface object</a> inheriting from <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②②">Credential</a></code>. This algorithm MUST be invoked from a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-task" id="ref-for-concept-task">task</a>.</p>
+    <p class="note" role="note"><span>Note:</span> This algorithm’s steps are defined on a per-<a data-link-type="dfn" href="#credential-credential-type" id="ref-for-credential-credential-type①">credential type</a> basis.</p>
+    <p><code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②③">Credential</a></code>'s default implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot">[[Create]](origin, options, sameOriginWithAncestors)</a></code>:</p>
+    <ol class="algorithm">
+     <li data-md>
+      <p>Return <code>null</code>.</p>
+    </ol>
     <h4 class="heading settled" data-level="2.2.2" id="credentialuserdata-mixin"><span class="secno">2.2.2. </span><span class="content"><code>CredentialUserData</code> Mixin</span><a class="self-link" href="#credentialuserdata-mixin"></a></h4>
-    <p>Some <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑧">Credential</a></code> objects contain data which aims to give users a human-readable disambiguation
+    <p>Some <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②④">Credential</a></code> objects contain data which aims to give users a human-readable disambiguation
   mechanism in the <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser">credential chooser</a> by providing a friendly name and icon:</p>
-<pre class="idl highlight def">[<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext①">SecureContext</a>]
-<span class="kt">interface</span> <span class="kt">mixin</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="interface" data-export="" id="credentialuserdata"><code>CredentialUserData</code></dfn> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString②"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name">name</a>;
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString③"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl">iconURL</a>;
+<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext①"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <c- b>mixin</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="credentialuserdata"><code><c- g>CredentialUserData</c-></code></dfn> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString②"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name"><c- g>name</c-></a>;
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString③"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl"><c- g>iconURL</c-></a>;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialUserData" data-dfn-type="attribute" data-export="" id="dom-credentialuserdata-name"><code>name</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString④">USVString</a>, readonly</span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialUserData" data-dfn-type="attribute" data-export id="dom-credentialuserdata-name"><code>name</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString④">USVString</a>, readonly</span>
+      <dd data-md>
        <p>A name associated with the credential, intended as a human-understandable public name for
   display in a <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser①">credential chooser</a>.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialUserData" data-dfn-type="attribute" data-export="" id="dom-credentialuserdata-iconurl"><code>iconURL</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑤">USVString</a>, readonly</span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialUserData" data-dfn-type="attribute" data-export id="dom-credentialuserdata-iconurl"><code>iconURL</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑤">USVString</a>, readonly</span>
+      <dd data-md>
        <p>A URL pointing to an image for the credential, intended for display in a <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser②">credential chooser</a>. This URL MUST be an <a data-link-type="dfn" href="https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url" id="ref-for-a-priori-authenticated-url"><i lang="la">a priori</i> authenticated
   URL</a>.</p>
      </dl>
     </div>
     <h3 class="heading settled" data-level="2.3" id="framework-credential-management"><span class="secno">2.3. </span><span class="content"><code>navigator.credentials</code></span><a class="self-link" href="#framework-credential-management"></a></h3>
-    <p>Developers retrieve <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential①⑨">Credential</a></code>s and interact with the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑧">credential store</a> via
+    <p>Developers retrieve <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⑤">Credential</a></code>s and interact with the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑧">credential store</a> via
   methods exposed on the <code class="idl"><a data-link-type="idl" href="#credentialscontainer" id="ref-for-credentialscontainer①">CredentialsContainer</a></code> interface, which hangs off the <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/system-state.html#navigator" id="ref-for-navigator">Navigator</a></code> object as <a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials"><code>navigator.credentials</code></a>.</p>
-<pre class="idl highlight def"><span class="kt">partial</span> <span class="kt">interface</span> <a class="nv idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/system-state.html#navigator" id="ref-for-navigator①">Navigator</a> {
-  [<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext②">SecureContext</a>, <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SameObject" id="ref-for-SameObject">SameObject</a>] <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n" data-link-type="idl-name" href="#credentialscontainer" id="ref-for-credentialscontainer②">CredentialsContainer</a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="CredentialsContainer" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials①">credentials</a>;
+<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/system-state.html#navigator" id="ref-for-navigator①"><c- g>Navigator</c-></a> {
+  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext②"><c- g>SecureContext</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SameObject" id="ref-for-SameObject"><c- g>SameObject</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#credentialscontainer" id="ref-for-credentialscontainer②"><c- n>CredentialsContainer</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="CredentialsContainer" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials①"><c- g>credentials</c-></a>;
 };
 </pre>
-    <p>The <dfn class="dfn-paneled idl-code" data-dfn-for="Navigator" data-dfn-type="attribute" data-export="" id="dom-navigator-credentials"><code>credentials</code></dfn> attribute MUST return the <code class="idl"><a data-link-type="idl" href="#credentialscontainer" id="ref-for-credentialscontainer③">CredentialsContainer</a></code> associated with the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object">context object</a>.</p>
+    <p>The <dfn class="dfn-paneled idl-code" data-dfn-for="Navigator" data-dfn-type="attribute" data-export id="dom-navigator-credentials"><code>credentials</code></dfn> attribute MUST return the <code class="idl"><a data-link-type="idl" href="#credentialscontainer" id="ref-for-credentialscontainer③">CredentialsContainer</a></code> associated with the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object">context object</a>.</p>
     <p class="note" role="note"><span>Note:</span> As discussed in <a href="#insecure-sites">§6.3 Insecure Sites</a>, the credential management API is exposed only in <a data-link-type="dfn" href="https://w3c.github.io/webappsec-secure-contexts/#secure-contexts" id="ref-for-secure-contexts">Secure Contexts</a>.</p>
-<pre class="idl highlight def">[<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed①">Exposed</a>=<span class="n">Window</span>, <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext③">SecureContext</a>]
-<span class="kt">interface</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="interface" data-export="" id="credentialscontainer"><code>CredentialsContainer</code></dfn> {
-  <span class="kt">Promise</span>&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⓪">Credential</a>?> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get">get</a>(<span class="kt">optional</span> <a class="n" data-link-type="idl-name" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions②">CredentialRequestOptions</a> <a class="nv idl-code" data-link-type="argument" href="#dom-credentialscontainer-get-options-options" id="ref-for-dom-credentialscontainer-get-options-options">options</a>);
-  <span class="kt">Promise</span>&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②①">Credential</a>> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-store" id="ref-for-dom-credentialscontainer-store①">store</a>(<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②②">Credential</a> <a class="nv idl-code" data-link-type="argument" href="#dom-credentialscontainer-store-credential-credential" id="ref-for-dom-credentialscontainer-store-credential-credential">credential</a>);
-  <span class="kt">Promise</span>&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②③">Credential</a>?> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create">create</a>(<span class="kt">optional</span> <a class="n" data-link-type="idl-name" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions①">CredentialCreationOptions</a> <a class="nv idl-code" data-link-type="argument" href="#dom-credentialscontainer-create-options-options" id="ref-for-dom-credentialscontainer-create-options-options">options</a>);
-  <span class="kt">Promise</span>&lt;<span class="kt">void</span>> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-preventsilentaccess" id="ref-for-dom-credentialscontainer-preventsilentaccess">preventSilentAccess</a>();
+<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed①"><c- g>Exposed</c-></a>=<c- n>Window</c->, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext③"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="credentialscontainer"><code><c- g>CredentialsContainer</c-></code></dfn> {
+  <c- b>Promise</c->&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑥"><c- n>Credential</c-></a>?> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get"><c- g>get</c-></a>(<c- b>optional</c-> <a class="n" data-link-type="idl-name" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions②"><c- n>CredentialRequestOptions</c-></a> <a class="idl-code" data-link-type="argument" href="#dom-credentialscontainer-get-options-options" id="ref-for-dom-credentialscontainer-get-options-options"><c- g>options</c-></a>);
+  <c- b>Promise</c->&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑦"><c- n>Credential</c-></a>> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-store" id="ref-for-dom-credentialscontainer-store①"><c- g>store</c-></a>(<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑧"><c- n>Credential</c-></a> <a class="idl-code" data-link-type="argument" href="#dom-credentialscontainer-store-credential-credential" id="ref-for-dom-credentialscontainer-store-credential-credential"><c- g>credential</c-></a>);
+  <c- b>Promise</c->&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑨"><c- n>Credential</c-></a>?> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create"><c- g>create</c-></a>(<c- b>optional</c-> <a class="n" data-link-type="idl-name" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions①"><c- n>CredentialCreationOptions</c-></a> <a class="idl-code" data-link-type="argument" href="#dom-credentialscontainer-create-options-options" id="ref-for-dom-credentialscontainer-create-options-options"><c- g>options</c-></a>);
+  <c- b>Promise</c->&lt;<c- b>void</c->> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-preventsilentaccess" id="ref-for-dom-credentialscontainer-preventsilentaccess"><c- g>preventSilentAccess</c-></a>();
 };
 
-<span class="kt">dictionary</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="dictionary" data-export="" id="dictdef-credentialdata"><code>CredentialData</code></dfn> {
-  <span class="kt">required</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑥"><span class="kt">USVString</span></a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="CredentialData" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-credentialdata-id"><code>id</code></dfn>;
+<c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-credentialdata"><code><c- g>CredentialData</c-></code></dfn> {
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑥"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="CredentialData" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-credentialdata-id"><code><c- g>id</c-></code></dfn>;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export="" data-lt="get(options)|get()" id="dom-credentialscontainer-get"><code>get(options)</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export data-lt="get(options)|get()" id="dom-credentialscontainer-get"><code>get(options)</code></dfn>
+      <dd data-md>
        <p>When <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①">get()</a></code> is called, the user agent MUST return the result of
   executing <a data-link-type="abstract-op" href="#abstract-opdef-request-a-credential" id="ref-for-abstract-opdef-request-a-credential">Request a <code>Credential</code></a> on <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get-options-options" id="ref-for-dom-credentialscontainer-get-options-options①">options</a></code>.</p>
        <table class="argumentdef data">
@@ -1932,14 +1953,14 @@ <h3 class="heading settled" data-level="2.3" id="framework-credential-management
           <th>Description 
         <tbody>
          <tr>
-          <td><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer/get(options)" data-dfn-type="argument" data-export="" id="dom-credentialscontainer-get-options-options"><code>options</code></dfn> 
+          <td><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer/get(options)" data-dfn-type="argument" data-export id="dom-credentialscontainer-get-options-options"><code>options</code></dfn> 
           <td> CredentialRequestOptions 
           <td> <span class="no">✘</span>
           <td> <span class="yes">✔</span>
           <td>The set of properties governing the scope of the request. 
        </table>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export="" data-lt="store(credential)|store()" id="dom-credentialscontainer-store"><code>store(credential)</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export data-lt="store(credential)|store()" id="dom-credentialscontainer-store"><code>store(credential)</code></dfn>
+      <dd data-md>
        <p>When <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-store" id="ref-for-dom-credentialscontainer-store②">store()</a></code> is called, the user agent MUST return the result of
   executing <a data-link-type="abstract-op" href="#abstract-opdef-store-a-credential" id="ref-for-abstract-opdef-store-a-credential">Store a <code>Credential</code></a> on <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-store-credential-credential" id="ref-for-dom-credentialscontainer-store-credential-credential①">credential</a></code>.</p>
        <table class="argumentdef data">
@@ -1953,14 +1974,14 @@ <h3 class="heading settled" data-level="2.3" id="framework-credential-management
           <th>Description 
         <tbody>
          <tr>
-          <td><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer/store(credential)" data-dfn-type="argument" data-export="" id="dom-credentialscontainer-store-credential-credential"><code>credential</code></dfn> 
+          <td><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer/store(credential)" data-dfn-type="argument" data-export id="dom-credentialscontainer-store-credential-credential"><code>credential</code></dfn> 
           <td> Credential 
           <td> <span class="no">✘</span>
           <td> <span class="no">✘</span>
           <td>The credential to be stored. 
        </table>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export="" data-lt="create(options)|create()" id="dom-credentialscontainer-create"><code>create(options)</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export data-lt="create(options)|create()" id="dom-credentialscontainer-create"><code>create(options)</code></dfn>
+      <dd data-md>
        <p>When <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create①">create()</a></code> is called, the user agent MUST return the result of
   executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-credential" id="ref-for-abstract-opdef-create-a-credential">Create a <code>Credential</code></a> on <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create-options-options" id="ref-for-dom-credentialscontainer-create-options-options①">options</a></code>.</p>
        <table class="argumentdef data">
@@ -1974,14 +1995,14 @@ <h3 class="heading settled" data-level="2.3" id="framework-credential-management
           <th>Description 
         <tbody>
          <tr>
-          <td><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer/create(options)" data-dfn-type="argument" data-export="" id="dom-credentialscontainer-create-options-options"><code>options</code></dfn> 
+          <td><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer/create(options)" data-dfn-type="argument" data-export id="dom-credentialscontainer-create-options-options"><code>options</code></dfn> 
           <td> CredentialCreationOptions 
           <td> <span class="no">✘</span>
           <td> <span class="yes">✔</span>
           <td>The options used to create a <code>Credential</code>. 
        </table>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export="" id="dom-credentialscontainer-preventsilentaccess"><code>preventSilentAccess()</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialsContainer" data-dfn-type="method" data-export id="dom-credentialscontainer-preventsilentaccess"><code>preventSilentAccess()</code></dfn>
+      <dd data-md>
        <p>When <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-preventsilentaccess" id="ref-for-dom-credentialscontainer-preventsilentaccess①">preventSilentAccess()</a></code> is called, the user agent MUST return
   the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-prevent-silent-access" id="ref-for-abstract-opdef-prevent-silent-access">Prevent Silent Access</a> on the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object">current settings
   object</a>.</p>
@@ -1997,25 +2018,25 @@ <h3 class="heading settled" data-level="2.3" id="framework-credential-management
     new <code class="idl"><a data-link-type="idl" href="#credentialscontainer" id="ref-for-credentialscontainer④">CredentialsContainer</a></code> object, using <var>navigator</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-realm" id="ref-for-concept-relevant-realm">relevant Realm</a>, and associate it
     with <var>navigator</var>. </div>
     <h4 class="heading settled" data-level="2.3.1" id="credentialrequestoptions-dictionary"><span class="secno">2.3.1. </span><span class="content">The <code>CredentialRequestOptions</code> Dictionary</span><a class="self-link" href="#credentialrequestoptions-dictionary"></a></h4>
-    <p>In order to retrieve a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②④">Credential</a></code> via <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get③">get()</a></code>, the caller specifies a
+    <p>In order to retrieve a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⓪">Credential</a></code> via <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get③">get()</a></code>, the caller specifies a
   few parameters in a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions③">CredentialRequestOptions</a></code> object.</p>
     <p class="note" role="note"><span>Note:</span> The <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions④">CredentialRequestOptions</a></code> dictionary is an extension point. If and when new types of
   credentials are introduced that require options, their dictionary types will be added to the
   dictionary so they can be passed into the request. See <a href="#implementation-extension">§7.2 Extension Points</a>.</p>
-<pre class="idl highlight def"><span class="kt">dictionary</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="dictionary" data-export="" id="dictdef-credentialrequestoptions"><code>CredentialRequestOptions</code></dfn> {
-  <a class="n" data-link-type="idl-name" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement">CredentialMediationRequirement</a> <a class="nv idl-code" data-default="&quot;optional&quot;" data-link-type="dict-member" data-type="CredentialMediationRequirement " href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation">mediation</a> = "optional";
-  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal">AbortSignal</a> <a class="nv idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialrequestoptions-signal" id="ref-for-dom-credentialrequestoptions-signal">signal</a>;
+<pre class="idl highlight def"><c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-credentialrequestoptions"><code><c- g>CredentialRequestOptions</c-></code></dfn> {
+  <a class="n" data-link-type="idl-name" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement"><c- n>CredentialMediationRequirement</c-></a> <a class="idl-code" data-default="&quot;optional&quot;" data-link-type="dict-member" data-type="CredentialMediationRequirement " href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation"><c- g>mediation</c-></a> = "optional";
+  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal"><c- n>AbortSignal</c-></a> <a class="idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialrequestoptions-signal" id="ref-for-dom-credentialrequestoptions-signal"><c- g>signal</c-></a>;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export="" id="dom-credentialrequestoptions-mediation"><code>mediation</code></dfn>, <span> of type <a data-link-type="idl-name" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement①">CredentialMediationRequirement</a>, defaulting to <code>"optional"</code></span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export id="dom-credentialrequestoptions-mediation"><code>mediation</code></dfn>, <span> of type <a data-link-type="idl-name" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement①">CredentialMediationRequirement</a>, defaulting to <code>"optional"</code></span>
+      <dd data-md>
        <p>This property specifies the mediation requirements for a given credential request. The
   meaning of each enum value is described below in <code class="idl"><a data-link-type="idl" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement②">CredentialMediationRequirement</a></code>.
   Processing details are defined in <a href="#algorithm-request">§2.5.1 Request a Credential</a>.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export="" id="dom-credentialrequestoptions-signal"><code>signal</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal①">AbortSignal</a></span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export id="dom-credentialrequestoptions-signal"><code>signal</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal①">AbortSignal</a></span>
+      <dd data-md>
        <p>This property lets the developer abort an ongoing <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get④">get()</a></code> operation.
   An aborted operation may complete normally (generally if the abort was received after the
   operation finished) or reject with an "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#aborterror" id="ref-for-aborterror">AbortError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException">DOMException</a></code>."</p>
@@ -2029,22 +2050,22 @@ <h4 class="heading settled" data-level="2.3.1" id="credentialrequestoptions-dict
      <p><code>unmediated</code> should be considered deprecated; new code should instead rely on <code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation③">mediation</a></code>.</p>
     </div>
     <div class="algorithm" data-algorithm="relevant credential interfaces">
-      The <dfn class="dfn-paneled" data-dfn-for="CredentialRequestOptions" data-dfn-type="dfn" data-noexport="" id="credentialrequestoptions-relevant-credential-interface-objects">relevant credential interface objects</dfn> for a given <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑤">CredentialRequestOptions</a></code> (<var>options</var>) is a set of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑥">interface objects</a>, collected as follows: 
+      The <dfn class="dfn-paneled" data-dfn-for="CredentialRequestOptions" data-dfn-type="dfn" data-noexport id="credentialrequestoptions-relevant-credential-interface-objects">relevant credential interface objects</dfn> for a given <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑤">CredentialRequestOptions</a></code> (<var>options</var>) is a set of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑦">interface objects</a>, collected as follows: 
      <ol class="algorithm">
-      <li data-md="">
+      <li data-md>
        <p>Let <var>settings</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object①">current settings object</a></p>
-      <li data-md="">
-       <p>Let <var>interface objects</var> be the set of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑦">interface objects</a> on <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global">global object</a>.</p>
-      <li data-md="">
+      <li data-md>
+       <p>Let <var>interface objects</var> be the set of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑧">interface objects</a> on <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global①">global object</a>.</p>
+      <li data-md>
        <p>Let <var>relevant interface objects</var> be an empty set.</p>
-      <li data-md="">
+      <li data-md>
        <p>For each <var>object</var> in <var>interface objects</var>:</p>
        <ol>
-        <li data-md="">
-         <p>If <var>object</var>’s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-inherited-interfaces" id="ref-for-dfn-inherited-interfaces">inherited interfaces</a> do not <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-contain" id="ref-for-list-contain">contain</a> <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⑤">Credential</a></code>, <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#iteration-continue" id="ref-for-iteration-continue">continue</a>.</p>
-        <li data-md="">
+        <li data-md>
+         <p>If <var>object</var>’s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-inherited-interfaces" id="ref-for-dfn-inherited-interfaces">inherited interfaces</a> do not <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-contain" id="ref-for-list-contain">contain</a> <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③①">Credential</a></code>, <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#iteration-continue" id="ref-for-iteration-continue">continue</a>.</p>
+        <li data-md>
          <p>Let <var>key</var> be <var>object</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot②">[[type]]</a></code> slot’s value.</p>
-        <li data-md="">
+        <li data-md>
          <p>If <var>options</var>[<var>key</var>] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists">exists</a>, <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#set-append" id="ref-for-set-append">append</a> <var>object</var> to <var>relevant interface objects</var>.</p>
        </ol>
      </ol>
@@ -2053,17 +2074,17 @@ <h4 class="heading settled" data-level="2.3.1" id="credentialrequestoptions-dict
     argue about whether this is too much of a <code>COMEFROM</code> interface.</p>
     </div>
     <div class="algorithm" data-algorithm="can collect locally">
-      A given <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑥">CredentialRequestOptions</a></code> <var>options</var> is <dfn class="dfn-paneled" data-dfn-for="CredentialRequestOptions" data-dfn-type="dfn" data-noexport="" id="credentialrequestoptions-matchable-a-priori">matchable <i lang="la">a priori</i></dfn> if the following
+      A given <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑥">CredentialRequestOptions</a></code> <var>options</var> is <dfn class="dfn-paneled" data-dfn-for="CredentialRequestOptions" data-dfn-type="dfn" data-noexport id="credentialrequestoptions-matchable-a-priori">matchable <i lang="la">a priori</i></dfn> if the following
     steps return <code>true</code>: 
      <ol class="algorithm">
-      <li data-md="">
+      <li data-md>
        <p>For each <var>interface</var> in <var>options</var>’ <a data-link-type="dfn" href="#credentialrequestoptions-relevant-credential-interface-objects" id="ref-for-credentialrequestoptions-relevant-credential-interface-objects">relevant credential interface objects</a>:</p>
        <ol>
-        <li data-md="">
+        <li data-md>
          <p>If <var>interface</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot">[[discovery]]</a></code> slot’s value is not
   "<code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-credential-store" id="ref-for-dom-credential-discovery-credential-store">credential store</a></code>", return <code>false</code>.</p>
        </ol>
-      <li data-md="">
+      <li data-md>
        <p>Return <code>true</code>.</p>
      </ol>
      <p class="note" role="note"><span>Note:</span> When executing <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get⑤">get(options)</a></code>, we only return credentials without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated">user mediation</a> if
@@ -2076,16 +2097,16 @@ <h4 class="heading settled" data-level="2.3.2" id="mediation-requirements"><span
     <p>When making a request via <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get⑥">get(options)</a></code>, developers can set a case-by-case requirement for <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated②">user mediation</a> by choosing the appropriate <code class="idl"><a data-link-type="idl" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement③">CredentialMediationRequirement</a></code> enum value.</p>
     <p class="note" role="note"><span>Note:</span> The <a href="#user-mediation">§5 User Mediation</a> section gives more detail on the concept in general, and its
   implications on how the user agent deals with individual requests for a given origin).</p>
-<pre class="idl highlight def"><span class="kt">enum</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="enum" data-export="" id="enumdef-credentialmediationrequirement"><code>CredentialMediationRequirement</code></dfn> {
-  <a class="s idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-silent" id="ref-for-dom-credentialmediationrequirement-silent①">"silent"</a>,
-  <a class="s idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-optional" id="ref-for-dom-credentialmediationrequirement-optional①">"optional"</a>,
-  <a class="s idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required">"required"</a>
+<pre class="idl highlight def"><c- b>enum</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="enum" data-export id="enumdef-credentialmediationrequirement"><code><c- g>CredentialMediationRequirement</c-></code></dfn> {
+  <a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-silent" id="ref-for-dom-credentialmediationrequirement-silent①"><c- s>"silent"</c-></a>,
+  <a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-optional" id="ref-for-dom-credentialmediationrequirement-optional①"><c- s>"optional"</c-></a>,
+  <a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required"><c- s>"required"</c-></a>
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialMediationRequirement" data-dfn-type="enum-value" data-export="" id="dom-credentialmediationrequirement-silent"><code>silent</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialMediationRequirement" data-dfn-type="enum-value" data-export id="dom-credentialmediationrequirement-silent"><code>silent</code></dfn>
+      <dd data-md>
        <p>User mediation is suppressed for the given operation. If the operation can be performed
   without user involvement, wonderful. If user involvement is necessary, then the operation
   will return <code>null</code> rather than involving the user.</p>
@@ -2093,8 +2114,8 @@ <h4 class="heading settled" data-level="2.3.2" id="mediation-requirements"><span
   scenarios</a>, where a developer may wish to silently obtain
   credentials if a user should be automatically signed in, but to delay bothering the user
   with a sign-in prompt until they actively choose to sign-in.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialMediationRequirement" data-dfn-type="enum-value" data-export="" id="dom-credentialmediationrequirement-optional"><code>optional</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialMediationRequirement" data-dfn-type="enum-value" data-export id="dom-credentialmediationrequirement-optional"><code>optional</code></dfn>
+      <dd data-md>
        <p>If credentials can be handed over for a given operation without user mediation, they will
   be. If <a data-link-type="dfn" href="#origin-requires-user-mediation" id="ref-for-origin-requires-user-mediation">user mediation is required</a>, then the user agent will
   involve the user in the decision.</p>
@@ -2102,8 +2123,8 @@ <h4 class="heading settled" data-level="2.3.2" id="mediation-requirements"><span
   developer has reasonable confidence that a user expects to start a sign-in operation. If
   a user has just clicked "sign-in" for example, then they won’t be surprised or confused to
   see a <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser③">credential chooser</a> if necessary.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialMediationRequirement" data-dfn-type="enum-value" data-export="" id="dom-credentialmediationrequirement-required"><code>required</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialMediationRequirement" data-dfn-type="enum-value" data-export id="dom-credentialmediationrequirement-required"><code>required</code></dfn>
+      <dd data-md>
        <p>The user agent will not hand over credentials without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated③">user mediation</a>, even if the <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag①">prevent silent access flag</a> is unset for an origin.</p>
        <p class="note" role="note"><span>Note:</span> This requirement is intended to support <a href="#example-mediation-require">reauthentication</a> or <a href="#example-mediation-switch">user-switching</a> scenarios. Further, the requirement is tied
   to a specific operation, and does not affect the <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag②">prevent silent access flag</a> for the
@@ -2118,7 +2139,7 @@ <h5 class="heading settled" data-level="2.3.2.1" id="mediation-examples"><span c
     dropping the requirements for user mediation (as described in <a href="#user-mediation-requirement">§5.2 Requiring User Mediation</a>)
     are signed in, and users who haven’t opted-into such behavior won’t be bothered with a confusing <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser④">credential chooser</a> popping up without context: 
 <pre>window.addEventListener('load', async () => {
-  const credentials = await navigatior.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials②">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get⑨">get</a>({
+  const credentials = await navigator.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials②">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get⑨">get</a>({
     ...,
     <a class="idl-code" data-link-type="dict-member" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation⑤">mediation</a>: '<a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-silent" id="ref-for-dom-credentialmediationrequirement-silent③">silent</a>'
   });
@@ -2133,7 +2154,7 @@ <h5 class="heading settled" data-level="2.3.2.1" id="mediation-examples"><span c
     experience. If they have <a href="#user-mediation-requirement">opted-into</a> signing in without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated④">user mediation</a>, and the user agent can unambigiously choose a credential, great! If
     not, a <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser⑤">credential chooser</a> will be presented. 
 <pre>document.querySelector('#sign-in').addEventListener('click', async () => {
-  const credentials = await navigatior.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials③">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①⓪">get</a>({
+  const credentials = await navigator.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials③">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①⓪">get</a>({
     ...,
     <a class="idl-code" data-link-type="dict-member" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation⑥">mediation</a>: '<a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-optional" id="ref-for-dom-credentialmediationrequirement-optional②">optional</a>'
   });
@@ -2154,7 +2175,7 @@ <h5 class="heading settled" data-level="2.3.2.1" id="mediation-examples"><span c
     the user to authenticate themselves in some way, perhaps by entering a master password, scanning
     a fingerprint, etc. before a credential is handed to the website.</p>
 <pre>document.querySelector('#important-form').addEventListener('submit', async () => {
-  const credentials = await navigatior.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials④">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①②">get</a>({
+  const credentials = await navigator.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials④">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①②">get</a>({
     ...,
     <a class="idl-code" data-link-type="dict-member" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation⑨">mediation</a>: '<a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required②">required</a>'
   });
@@ -2173,7 +2194,7 @@ <h5 class="heading settled" data-level="2.3.2.1" id="mediation-examples"><span c
     "<code class="idl"><a data-link-type="idl" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required③">required</a></code>" in order to ensure that that credentials aren’t
     returned automatically in response to clicking on an "Add account" button: 
 <pre>document.querySelector('#switch-button').addEventListener('click', e => {
-  var c = await navigatior.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials⑤">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①④">get</a>({
+  var c = await navigator.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials⑤">credentials</a>.<a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①④">get</a>({
     ...,
     <a class="idl-code" data-link-type="dict-member" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation①①">mediation</a>: '<a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required④">required</a>'
   });
@@ -2184,210 +2205,226 @@ <h5 class="heading settled" data-level="2.3.2.1" id="mediation-examples"><span c
 </pre>
     </div>
     <h3 class="heading settled" data-level="2.4" id="credentialcreationoptions-dictionary"><span class="secno">2.4. </span><span class="content">The <code>CredentialCreationOptions</code> Dictionary</span><a class="self-link" href="#credentialcreationoptions-dictionary"></a></h3>
-    <p>In order to create a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⑥">Credential</a></code> via <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create③">create()</a></code>, the caller specifies a
+    <p>In order to create a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③②">Credential</a></code> via <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create③">create()</a></code>, the caller specifies a
   few parameters in a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions②">CredentialCreationOptions</a></code> object.</p>
     <p class="note" role="note"><span>Note:</span> The <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions③">CredentialCreationOptions</a></code> dictionary is an extension point. If and when new types of
   credentials are introduced, they will add to the dictionary so they can be passed into the
   creation method. See <a href="#implementation-extension">§7.2 Extension Points</a>, and the extensions introduced in this document: <a href="#passwordcredential-interface">§3.2 The PasswordCredential Interface</a> and <a href="#federatedcredential-interface">§4.1 The FederatedCredential Interface</a>.</p>
-<pre class="idl highlight def"><span class="kt">dictionary</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="dictionary" data-export="" id="dictdef-credentialcreationoptions"><code>CredentialCreationOptions</code></dfn> {
-  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal②">AbortSignal</a> <a class="nv idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialcreationoptions-signal" id="ref-for-dom-credentialcreationoptions-signal">signal</a>;
+<pre class="idl highlight def"><c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-credentialcreationoptions"><code><c- g>CredentialCreationOptions</c-></code></dfn> {
+  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal②"><c- n>AbortSignal</c-></a> <a class="idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialcreationoptions-signal" id="ref-for-dom-credentialcreationoptions-signal"><c- g>signal</c-></a>;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialCreationOptions" data-dfn-type="dict-member" data-export="" id="dom-credentialcreationoptions-signal"><code>signal</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal③">AbortSignal</a></span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="CredentialCreationOptions" data-dfn-type="dict-member" data-export id="dom-credentialcreationoptions-signal"><code>signal</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal③">AbortSignal</a></span>
+      <dd data-md>
        <p>This property lets the developer abort an ongoing <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create④">create()</a></code> operation. An aborted operation may complete normally (generally if the abort was received
   after the operation finished) or reject with an "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#aborterror" id="ref-for-aborterror①">AbortError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException①">DOMException</a></code>."</p>
      </dl>
     </div>
     <h3 class="heading settled" data-level="2.5" id="algorithms"><span class="secno">2.5. </span><span class="content">Algorithms</span><a class="self-link" href="#algorithms"></a></h3>
     <h4 class="heading settled algorithm" data-algorithm="Request a Credential" data-level="2.5.1" id="algorithm-request"><span class="secno">2.5.1. </span><span class="content">Request a <code>Credential</code></span><a class="self-link" href="#algorithm-request"></a></h4>
-    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-request-a-credential">Request a <code>Credential</code></dfn> algorithm accepts a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑧">CredentialRequestOptions</a></code> (<var>options</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise">Promise</a></code> that resolves with a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⑦">Credential</a></code> if one can be
+    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-request-a-credential">Request a <code>Credential</code></dfn> algorithm accepts a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑧">CredentialRequestOptions</a></code> (<var>options</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise">Promise</a></code> that resolves with a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③③">Credential</a></code> if one can be
   unambigiously obtained, or with <code>null</code> if not.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Let <var>settings</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object②">current settings object</a></p>
-     <li data-md="">
+     <li data-md>
       <p class="assertion">Assert: <var>settings</var> is a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-secure-contexts/#secure-contexts" id="ref-for-secure-contexts①">secure context</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>If <code><var>options</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-signal" id="ref-for-dom-credentialrequestoptions-signal①">signal</a></code></code>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#abortsignal-aborted-flag" id="ref-for-abortsignal-aborted-flag">aborted flag</a> is set, then return <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-promise-rejected-with" id="ref-for-a-promise-rejected-with">a promise rejected with</a> an "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#aborterror" id="ref-for-aborterror②">AbortError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException②">DOMException</a></code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>p</var> be <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-new-promise" id="ref-for-a-new-promise">a new promise</a>.</p>
-     <li data-md="">
+     <li data-md>
+      <p>Let <var>origin</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object③">current settings object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin④">origin</a>.</p>
+     <li data-md>
       <p>Let <var>sameOriginWithAncestors</var> be <code>true</code> if <var>settings</var> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors④">same-origin with its
   ancestors</a>, and <code>false</code> otherwise.</p>
-     <li data-md="">
-      <p>Run the following steps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel">in parallel</a>:</p>
+     <li data-md>
+      <p>Run the following steps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel③">in parallel</a>:</p>
       <ol>
-       <li data-md="">
-        <p>Let <var>credentials</var> be the result of <a data-link-type="abstract-op" href="#abstract-opdef-collect-credentials-from-the-credential-store" id="ref-for-abstract-opdef-collect-credentials-from-the-credential-store">collecting <code>Credential</code>s from the credential store</a>, given <var>options</var> and <var>sameOriginWithAncestors</var>.</p>
-       <li data-md="">
+       <li data-md>
+        <p>Let <var>credentials</var> be the result of <a data-link-type="abstract-op" href="#abstract-opdef-collect-credentials-from-the-credential-store" id="ref-for-abstract-opdef-collect-credentials-from-the-credential-store">collecting <code>Credential</code>s from the credential store</a>, given <var>origin</var>, <var>options</var>, and <var>sameOriginWithAncestors</var>.</p>
+       <li data-md>
         <p>If <var>credentials</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception">exception</a>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise" id="ref-for-reject-promise">reject</a> <var>p</var> with <var>credentials</var>.</p>
-       <li data-md="">
+       <li data-md>
         <p>If all of the following statements are true, resolve <var>p</var> with <var>credentials</var>[0] and
   skip the remaining steps:</p>
         <ol>
-         <li data-md="">
+         <li data-md>
           <p><var>credentials</var>’ <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-size" id="ref-for-list-size">size</a> is 1</p>
-         <li data-md="">
-          <p><var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin①">origin</a> does not <a data-link-type="dfn" href="#origin-requires-user-mediation" id="ref-for-origin-requires-user-mediation①">require user mediation</a></p>
-         <li data-md="">
+         <li data-md>
+          <p><var>origin</var> does not <a data-link-type="dfn" href="#origin-requires-user-mediation" id="ref-for-origin-requires-user-mediation①">require user mediation</a></p>
+         <li data-md>
           <p><var>options</var> is <a data-link-type="dfn" href="#credentialrequestoptions-matchable-a-priori" id="ref-for-credentialrequestoptions-matchable-a-priori①">matchable <i lang="la">a priori</i></a>.</p>
-         <li data-md="">
+         <li data-md>
           <p><var>options</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation①②">mediation</a></code> is not
   "<code class="idl"><a data-link-type="idl" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required⑤">required</a></code>".</p>
         </ol>
         <p class="issue" id="issue-e720ed3b"><a class="self-link" href="#issue-e720ed3b"></a> This might be the wrong model. It would be nice to support a site that wished
   to accept either username/passwords or webauthn-style credentials without forcing
   a chooser for those users who use the former, and who wish to remain signed in.</p>
-       <li data-md="">
+       <li data-md>
         <p>If <var>options</var>’ <code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation①③">mediation</a></code> is
   "<code class="idl"><a data-link-type="idl" href="#dom-credentialmediationrequirement-silent" id="ref-for-dom-credentialmediationrequirement-silent④">silent</a></code>", <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise">resolve</a> <var>p</var> with <code>null</code>, and skip
   the remaining steps.</p>
-       <li data-md="">
+       <li data-md>
         <p>Let <var>choice</var> be the result of <a data-link-type="abstract-op" href="#abstract-opdef-ask-the-user-to-choose-a-credential" id="ref-for-abstract-opdef-ask-the-user-to-choose-a-credential">asking the user to
   choose a <code>Credential</code></a>, given <var>options</var> and <var>credentials</var>.</p>
-       <li data-md="">
-        <p>If <var>choice</var> is <code>null</code> or a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⑧">Credential</a></code>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise①">resolve</a> <var>p</var> with <var>choice</var> and skip the
+       <li data-md>
+        <p>If <var>choice</var> is <code>null</code> or a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③④">Credential</a></code>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise①">resolve</a> <var>p</var> with <var>choice</var> and skip the
   remaining steps.</p>
-       <li data-md="">
-        <p class="assertion">Assert: <var>choice</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑧">interface object</a>.</p>
-       <li data-md="">
-        <p>Let <var>result</var> be the result of executing <var>choice</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code>, given <var>options</var> and <var>sameOriginWithAncestors</var>.</p>
-       <li data-md="">
-        <p>If <var>result</var> is a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential②⑨">Credential</a></code> or <code>null</code>, resolve <var>p</var> with <var>result</var>.</p>
+       <li data-md>
+        <p class="assertion">Assert: <var>choice</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑨">interface object</a>.</p>
+       <li data-md>
+        <p>Let <var>result</var> be the result of executing <var>choice</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot①">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code>,
+  given <var>origin</var>, <var>options</var>, and <var>sameOriginWithAncestors</var>.</p>
+       <li data-md>
+        <p>If <var>result</var> is a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑤">Credential</a></code> or <code>null</code>, resolve <var>p</var> with <var>result</var>.</p>
         <p>Otherwise, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise" id="ref-for-reject-promise①">reject</a> <var>p</var> with <var>result</var>.</p>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>p</var>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Collect Credentials from the credential store" data-level="2.5.2" id="algorithm-collect-known"><span class="secno">2.5.2. </span><span class="content">Collect <code>Credential</code>s from the credential store</span><a class="self-link" href="#algorithm-collect-known"></a></h4>
-    <p>Given a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑨">CredentialRequestOptions</a></code> (<var>options</var>) and a boolean which is <code>true</code> iff the calling
-  context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑤">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>), the user agent may <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" data-local-lt="collect local" id="abstract-opdef-collect-credentials-from-the-credential-store">collect <code>Credential</code>s from the credential store</dfn>,
-  returning a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⓪">Credential</a></code> objects stored by the user agent locally that match <var>options</var>’
-  filter. If no such <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③①">Credential</a></code> objects are known, the returned set will be empty:</p>
+    <p>Given an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑤">origin</a> (<var>origin</var>),
+  a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions⑨">CredentialRequestOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the calling
+  context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑤">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>), the user agent may <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export data-local-lt="collect local" id="abstract-opdef-collect-credentials-from-the-credential-store">collect <code>Credential</code>s from the credential store</dfn>,
+  returning a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑥">Credential</a></code> objects stored by the user agent locally that match <var>options</var>’
+  filter. If no such <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑦">Credential</a></code> objects are known, the returned set will be empty:</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Let <var>possible matches</var> be an empty set.</p>
-     <li data-md="">
+     <li data-md>
       <p>For each <var>interface</var> in <var>options</var>’ <a data-link-type="dfn" href="#credentialrequestoptions-relevant-credential-interface-objects" id="ref-for-credentialrequestoptions-relevant-credential-interface-objects①">relevant credential interface objects</a>:</p>
       <ol>
-       <li data-md="">
-        <p>Let <var>r</var> be the result of executing <var>interface</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code> internal
-  method on <var>options</var> and <var>sameOriginWithAncestors</var>.</p>
-       <li data-md="">
+       <li data-md>
+        <p>Let <var>r</var> be the result of executing <var>interface</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot①">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code> internal method on <var>origin</var>, <var>options</var>, and <var>sameOriginWithAncestors</var>.</p>
+       <li data-md>
         <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception①">exception</a>, return <var>r</var>.</p>
-       <li data-md="">
-        <p class="assertion">Assert: <var>r</var> is a list of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object⑨">interface objects</a>.</p>
-       <li data-md="">
+       <li data-md>
+        <p class="assertion">Assert: <var>r</var> is a list of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⓪">interface objects</a>.</p>
+       <li data-md>
         <p>For each <var>c</var> in <var>r</var>:</p>
         <ol>
-         <li data-md="">
+         <li data-md>
           <p><a data-link-type="dfn" href="https://infra.spec.whatwg.org/#set-append" id="ref-for-set-append①">Append</a> <var>c</var> to <var>possible matches</var>.</p>
         </ol>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>possible matches</var>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Store a Credential" data-level="2.5.3" id="algorithm-store"><span class="secno">2.5.3. </span><span class="content">Store a <code>Credential</code></span><a class="self-link" href="#algorithm-store"></a></h4>
-    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-store-a-credential">Store a <code>Credential</code></dfn> algorithm accepts a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③②">Credential</a></code> (<var>credential</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise①">Promise</a></code> which resolves once the object is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑨">credential store</a>.</p>
+    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-store-a-credential">Store a <code>Credential</code></dfn> algorithm accepts a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑧">Credential</a></code> (<var>credential</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise①">Promise</a></code> which resolves once the object is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store⑨">credential store</a>.</p>
     <ol class="algorithm">
-     <li data-md="">
-      <p>Let <var>settings</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object③">current settings object</a></p>
-     <li data-md="">
+     <li data-md>
+      <p>Let <var>settings</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object④">current settings object</a></p>
+     <li data-md>
       <p class="assertion">Assert: <var>settings</var> is a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-secure-contexts/#secure-contexts" id="ref-for-secure-contexts②">secure context</a>.</p>
-     <li data-md="">
-      <p>Let <var>sameOriginWithAncestors</var> be <code>true</code> if the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object④">current settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑥">same-origin
+     <li data-md>
+      <p>Let <var>sameOriginWithAncestors</var> be <code>true</code> if the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑤">current settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑥">same-origin
   with its ancestors</a>, and <code>false</code> otherwise.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>p</var> be <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-new-promise" id="ref-for-a-new-promise①">a new promise</a>.</p>
-     <li data-md="">
-      <p>Run the following steps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel①">in parallel</a>:</p>
+     <li data-md>
+      <p>Run the following steps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel④">in parallel</a>:</p>
       <ol>
-       <li data-md="">
-        <p>Let <var>r</var> be the result of executing <var>credential</var>’s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⓪">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot">[[Store]](credential, sameOriginWithAncestors)</a></code> internal method on <var>credential</var> and <var>sameOriginWithAncestors</var>.</p>
-       <li data-md="">
+       <li data-md>
+        <p>Let <var>r</var> be the result of executing <var>credential</var>’s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①①">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot①">[[Store]](credential, sameOriginWithAncestors)</a></code> internal method on <var>credential</var> and <var>sameOriginWithAncestors</var>.</p>
+       <li data-md>
         <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception②">exception</a>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise" id="ref-for-reject-promise②">reject</a> <var>p</var> with <var>r</var>.</p>
         <p>Otherwise, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise②">resolve</a> <var>p</var> with <var>r</var>.</p>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>p</var>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Create a Credential" data-level="2.5.4" id="algorithm-create"><span class="secno">2.5.4. </span><span class="content">Create a <code>Credential</code></span><a class="self-link" href="#algorithm-create"></a></h4>
-    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-create-a-credential">Create a <code>Credential</code></dfn> algorithm accepts a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions④">CredentialCreationOptions</a></code> (<var>options</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise②">Promise</a></code> which resolves with a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③③">Credential</a></code> if one can be created
-  using the options provided, or <code>null</code> if no <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③④">Credential</a></code> can be created. In exceptional
+    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-create-a-credential">Create a <code>Credential</code></dfn> algorithm accepts a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions④">CredentialCreationOptions</a></code> (<var>options</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise②">Promise</a></code> which resolves with a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑨">Credential</a></code> if one can be created
+  using the options provided, or <code>null</code> if no <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⓪">Credential</a></code> can be created. In exceptional
   circumstances, the <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise③">Promise</a></code> may reject with an appropriate exception:</p>
     <ol class="algorithm">
-     <li data-md="">
-      <p>Let <var>settings</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑤">current settings object</a></p>
-     <li data-md="">
+     <li data-md>
+      <p>Let <var>settings</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑥">current settings object</a>.</p>
+     <li data-md>
       <p class="assertion">Assert: <var>settings</var> is a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-secure-contexts/#secure-contexts" id="ref-for-secure-contexts③">secure context</a>.</p>
-     <li data-md="">
-      <p>Let <var>sameOriginWithAncestors</var> be <code>true</code> if the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑥">current settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑦">same-origin
+     <li data-md>
+      <p>Let <var>global</var> be <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global②">global object</a>.</p>
+     <li data-md>
+      <p>Let <var>sameOriginWithAncestors</var> be <code>true</code> if the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑦">current settings object</a> is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑦">same-origin
   with its ancestors</a>, and <code>false</code> otherwise.</p>
-     <li data-md="">
-      <p>Let <var>interfaces</var> be the set of <var>options</var>’ <a data-link-type="dfn" href="#credentialrequestoptions-relevant-credential-interface-objects" id="ref-for-credentialrequestoptions-relevant-credential-interface-objects②">relevant credential interface objects</a>.</p>
-     <li data-md="">
+     <li data-md>
+      <p>Let <var>interfaces</var> be the <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ordered-set" id="ref-for-ordered-set">set</a> of <var>options</var>’ <a data-link-type="dfn" href="#credentialrequestoptions-relevant-credential-interface-objects" id="ref-for-credentialrequestoptions-relevant-credential-interface-objects②">relevant credential interface objects</a>.</p>
+     <li data-md>
       <p>Return <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-promise-rejected-with" id="ref-for-a-promise-rejected-with①">a promise rejected with</a> <code>NotSupportedError</code> if any of the following statements
   are true:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p><var>settings</var> does not have a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#responsible-document" id="ref-for-responsible-document">responsible document</a>.</p>
-       <li data-md="">
+       <li data-md>
         <p><var>interfaces</var>’ <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-size" id="ref-for-list-size①">size</a> is greater than 1.</p>
         <p class="note" role="note"><span>Note:</span> It may be reasonable at some point in the future to loosen this restriction, and
   allow the user agent to help the user choose among one of many potential credential
   types in order to support a "sign-up" use case. For the moment, though, we’re punting
   on that by restricting the dictionary to a single entry.</p>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>If <code><var>options</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-signal" id="ref-for-dom-credentialcreationoptions-signal①">signal</a></code></code>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#abortsignal-aborted-flag" id="ref-for-abortsignal-aborted-flag①">aborted
   flag</a> is set, then return <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-promise-rejected-with" id="ref-for-a-promise-rejected-with②">a promise rejected with</a> an "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#aborterror" id="ref-for-aborterror③">AbortError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException③">DOMException</a></code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>p</var> be <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-new-promise" id="ref-for-a-new-promise②">a new promise</a>.</p>
-     <li data-md="">
-      <p>Run the following steps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel②">in parallel</a>:</p>
+     <li data-md>
+      <p>Let <var>origin</var> be <var>settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑥">origin</a>.</p>
+     <li data-md>
+      <p>Run the following steps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel⑤">in parallel</a>:</p>
       <ol>
-       <li data-md="">
-        <p>Let <var>r</var> be the result of executing <var>interfaces</var>[0] <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot">[[Create]](options, sameOriginWithAncestors)</a></code> internal method on <var>options</var> and <var>sameOriginWithAncestors</var>.</p>
-       <li data-md="">
-        <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception③">exception</a>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise" id="ref-for-reject-promise③">reject</a> <var>p</var> with <var>r</var>.</p>
-        <p>Otherwise, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise③">resolve</a> <var>p</var> with <var>r</var>.</p>
+       <li data-md>
+        <p>Let <var>r</var> be the result of executing <var>interfaces</var>[0] <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot①">[[Create]](origin, options, sameOriginWithAncestors)</a></code> internal method on <var>origin</var>, <var>options</var>, and <var>sameOriginWithAncestors</var>.</p>
+       <li data-md>
+        <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception③">exception</a>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise" id="ref-for-reject-promise③">reject</a> <var>p</var> with <var>r</var>, and terminate these substeps.</p>
+       <li data-md>
+        <p>If <var>r</var> is a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④①">Credential</a></code> or <code>null</code>, <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise③">resolve</a> <var>p</var> with <var>r</var>, and terminate these substeps.</p>
+       <li data-md>
+        <p class="assertion">Assert: <var>r</var> is a algorithm (as defined in <a href="#algorithm-create-cred">§2.2.1.4 [[Create]] internal method</a>).</p>
+       <li data-md>
+        <p><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task" id="ref-for-queue-a-task">Queue a task</a> on <var>global</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#dom-manipulation-task-source" id="ref-for-dom-manipulation-task-source">DOM manipulation task source</a> to run the following substeps:</p>
+        <ol>
+         <li data-md>
+          <p><a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise④">Resolve</a> <var>p</var> with the result of <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#promise-calling" id="ref-for-promise-calling">promise-calling</a> <var>r</var> given <var>global</var>.</p>
+        </ol>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>p</var>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Prevent Silent Access" data-level="2.5.5" id="algorithm-prevent-silent-access"><span class="secno">2.5.5. </span><span class="content">Prevent Silent Access</span><a class="self-link" href="#algorithm-prevent-silent-access"></a></h4>
-    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-prevent-silent-access">Prevent Silent Access</dfn> algorithm accepts an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object⑤">environment settings
+    <p>The <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-prevent-silent-access">Prevent Silent Access</dfn> algorithm accepts an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object⑤">environment settings
   object</a> (<var>settings</var>), and returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise④">Promise</a></code> which resolves once the <code>prevent silent access</code> flag is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⓪">credential store</a>.</p>
     <ol class="algorithm">
-     <li data-md="">
-      <p>Let <var>origin</var> be <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin②">origin</a>.</p>
-     <li data-md="">
+     <li data-md>
+      <p>Let <var>origin</var> be <var>settings</var>’ <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑦">origin</a>.</p>
+     <li data-md>
       <p>Let <var>p</var> be <a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#a-new-promise" id="ref-for-a-new-promise③">a new promise</a></p>
-     <li data-md="">
-      <p>Run the following seps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel③">in parallel</a>:</p>
+     <li data-md>
+      <p>Run the following seps <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel" id="ref-for-in-parallel⑥">in parallel</a>:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>Set <var>origin</var>’s <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag③"><code>prevent silent access</code> flag</a> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①①">credential store</a>.</p>
-       <li data-md="">
-        <p><a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise④">Resolve</a> <var>p</var> with <code>undefined</code>.</p>
+       <li data-md>
+        <p><a data-link-type="dfn" href="https://www.w3.org/2001/tag/doc/promises-guide/#resolve-promise" id="ref-for-resolve-promise⑤">Resolve</a> <var>p</var> with <code>undefined</code>.</p>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Retun <var>p</var>.</p>
     </ol>
    </section>
    <section>
     <h2 class="heading settled" data-level="3" id="passwords"><span class="secno">3. </span><span class="content">Password Credentials</span><a class="self-link" href="#passwords"></a></h2>
     <p>For good or for ill, many websites rely on username/password pairs as an authentication mechanism.
-  The <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①">PasswordCredential</a></code> interface is a <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑤">credential</a> meant to enable this use case, storing
+  The <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①">PasswordCredential</a></code> interface is a <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑥">credential</a> meant to enable this use case, storing
   both a username and password, as well as metadata that can help a user choose the right account
   from within a <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser⑥">credential chooser</a>.</p>
     <h3 class="heading settled" data-level="3.1" id="password-examples"><span class="secno">3.1. </span><span class="content">Examples</span><a class="self-link" href="#password-examples"></a></h3>
     <h4 class="heading settled" data-level="3.1.1" id="examples-password-signin"><span class="secno">3.1.1. </span><span class="content">Password-based Sign-in</span><a class="self-link" href="#examples-password-signin"></a></h4>
-    <div class="example" id="example-77cfb89a">
-     <a class="self-link" href="#example-77cfb89a"></a> MegaCorp, Inc. supports passwords, and can use <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①⑤">navigator.credentials.get()</a></code> to obtain
+    <div class="example" id="example-1e3287d5">
+     <a class="self-link" href="#example-1e3287d5"></a> MegaCorp, Inc. supports passwords, and can use <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①⑤">navigator.credentials.get()</a></code> to obtain
     username/password pairs from a user’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①②">credential store</a>: 
 <pre>navigator.<a class="idl-code" data-link-type="attribute" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials⑥">credentials</a>
   .<a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①⑥">get</a>({ '<a class="idl-code" data-link-type="dict-member" href="#dom-credentialrequestoptions-password" id="ref-for-dom-credentialrequestoptions-password">password</a>': true })
@@ -2429,12 +2466,12 @@ <h4 class="heading settled" data-level="3.1.1" id="examples-password-signin"><sp
     if (!credential) {
       return; // as above...
     }
-    if (credential.<a class="idl-code" data-link-type="attribute" href="#dom-credential-type" id="ref-for-dom-credential-type②">type</a> == '<a class="idl-code" data-link-type="const" href="#password-literal">password</a>') {
-      document.getQuerySelector('input[name=username_field]').value =
-          credential.id;
-      document.getQuerySelector('input[name=password_field]').value =
-          credential.password;
-      document.getQuerySelector('#myform').submit();
+    if (credential.<a class="idl-code" data-link-type="attribute" href="#dom-credential-type" id="ref-for-dom-credential-type②">type</a> === '<a class="idl-code" data-link-type="const" href="#password-literal">password</a>') {
+      document.querySelector('input[name=username_field]').value =
+        credential.id;
+      document.querySelector('input[name=password_field]').value =
+        credential.password;
+      document.getElementById('myform').submit();
     }
   });
 </pre>
@@ -2538,51 +2575,51 @@ <h4 class="heading settled" data-level="3.1.3" id="examples-change-password"><sp
 </pre>
     </div>
     <h3 class="heading settled" data-level="3.2" id="passwordcredential-interface"><span class="secno">3.2. </span><span class="content">The <code>PasswordCredential</code> Interface</span><a class="self-link" href="#passwordcredential-interface"></a></h3>
-<pre class="idl highlight def"><span class="kt">typedef</span> (<a class="n" data-link-type="idl-name" href="https://xhr.spec.whatwg.org/#interface-formdata" id="ref-for-interface-formdata">FormData</a> <span class="kt">or</span> <a class="n" data-link-type="idl-name" href="https://url.spec.whatwg.org/#urlsearchparams" id="ref-for-urlsearchparams">URLSearchParams</a>) <dfn class="nv idl-code" data-dfn-type="typedef" data-export="" id="typedefdef-credentialbodytype"><code>CredentialBodyType</code><a class="self-link" href="#typedefdef-credentialbodytype"></a></dfn>;
-
-[<a class="nv idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential" id="ref-for-dom-passwordcredential-passwordcredential②">Constructor</a>(<a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement②">HTMLFormElement</a> <dfn class="nv idl-code" data-dfn-for="PasswordCredential/PasswordCredential(form)" data-dfn-type="argument" data-export="" id="dom-passwordcredential-passwordcredential-form-form"><code>form</code><a class="self-link" href="#dom-passwordcredential-passwordcredential-form-form"></a></dfn>),
- <a class="nv idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential-data" id="ref-for-dom-passwordcredential-passwordcredential-data">Constructor</a>(<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata">PasswordCredentialData</a> <dfn class="nv idl-code" data-dfn-for="PasswordCredential/PasswordCredential(data)" data-dfn-type="argument" data-export="" id="dom-passwordcredential-passwordcredential-data-data"><code>data</code><a class="self-link" href="#dom-passwordcredential-passwordcredential-data-data"></a></dfn>),
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed②">Exposed</a>=<span class="n">Window</span>,
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext④">SecureContext</a>]
-<span class="kt">interface</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="interface" data-export="" id="passwordcredential"><code>PasswordCredential</code></dfn> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential③⑤">Credential</a> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑦"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password">password</a>;
+<pre class="idl highlight def">[<a class="idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential" id="ref-for-dom-passwordcredential-passwordcredential②"><c- g>Constructor</c-></a>(<a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement②"><c- n>HTMLFormElement</c-></a> <dfn class="idl-code" data-dfn-for="PasswordCredential/PasswordCredential(form)" data-dfn-type="argument" data-export id="dom-passwordcredential-passwordcredential-form-form"><code><c- g>form</c-></code><a class="self-link" href="#dom-passwordcredential-passwordcredential-form-form"></a></dfn>),
+ <a class="idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential-data" id="ref-for-dom-passwordcredential-passwordcredential-data"><c- g>Constructor</c-></a>(<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata"><c- n>PasswordCredentialData</c-></a> <dfn class="idl-code" data-dfn-for="PasswordCredential/PasswordCredential(data)" data-dfn-type="argument" data-export id="dom-passwordcredential-passwordcredential-data-data"><code><c- g>data</c-></code><a class="self-link" href="#dom-passwordcredential-passwordcredential-data-data"></a></dfn>),
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed②"><c- g>Exposed</c-></a>=<c- n>Window</c->,
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext④"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="passwordcredential"><code><c- g>PasswordCredential</c-></code></dfn> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential④②"><c- n>Credential</c-></a> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑦"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password"><c- g>password</c-></a>;
 };
-<a class="n" data-link-type="idl-name" href="#passwordcredential" id="ref-for-passwordcredential⑥">PasswordCredential</a> <span class="kt">includes</span> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata">CredentialUserData</a>;
+<a class="n" data-link-type="idl-name" href="#passwordcredential" id="ref-for-passwordcredential⑥"><c- n>PasswordCredential</c-></a> <c- b>includes</c-> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata"><c- n>CredentialUserData</c-></a>;
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⓪">CredentialRequestOptions</a> {
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean"><span class="kt">boolean</span></a> <dfn class="nv dfn-paneled idl-code" data-default="false" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export="" data-type="boolean " id="dom-credentialrequestoptions-password"><code>password</code></dfn> = <span class="kt">false</span>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⓪"><c- g>CredentialRequestOptions</c-></a> {
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean"><c- b>boolean</c-></a> <dfn class="dfn-paneled idl-code" data-default="false" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export data-type="boolean " id="dom-credentialrequestoptions-password"><code><c- g>password</c-></code></dfn> = <c- b>false</c->;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="attribute" data-export="" id="dom-passwordcredential-password"><code>password</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑧">USVString</a>, readonly</span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="attribute" data-export id="dom-passwordcredential-password"><code>password</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑧">USVString</a>, readonly</span>
+      <dd data-md>
        <p>This attribute represents the password of the credential.</p>
-      <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot③">[[type]]</a></code>
-      <dd data-md="">
-       <p>The <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential⑦">PasswordCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①①">interface object</a> has an internal slot named <code>[[type]]</code> whose
-  value is "<dfn class="dfn-paneled idl-code" data-dfn-for="Credential/[[type]]" data-dfn-type="const" data-export="" id="dom-credential-type-password"><code>password</code></dfn>".</p>
-      <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot①">[[discovery]]</a></code>
-      <dd data-md="">
-       <p>The <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential⑧">PasswordCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①②">interface object</a> has an internal slot named <code>[[discovery]]</code> whose value is "<code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-credential-store" id="ref-for-dom-credential-discovery-credential-store①">credential store</a></code>".</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="constructor" data-export="" id="dom-passwordcredential-passwordcredential"><code>PasswordCredential(form)</code></dfn>
-      <dd data-md="">
+      <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot③">[[type]]</a></code>
+      <dd data-md>
+       <p>The <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential⑦">PasswordCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①②">interface object</a> has an internal slot named <code>[[type]]</code> whose
+  value is "<dfn class="dfn-paneled idl-code" data-dfn-for="Credential/[[type]]" data-dfn-type="const" data-export id="dom-credential-type-password"><code>password</code></dfn>".</p>
+      <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot①">[[discovery]]</a></code>
+      <dd data-md>
+       <p>The <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential⑧">PasswordCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①③">interface object</a> has an internal slot named <code>[[discovery]]</code> whose value is "<code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-credential-store" id="ref-for-dom-credential-discovery-credential-store①">credential store</a></code>".</p>
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="constructor" data-export id="dom-passwordcredential-passwordcredential"><code>PasswordCredential(form)</code></dfn>
+      <dd data-md>
        <p>This constructor accepts an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement③">HTMLFormElement</a></code> (<var>form</var>), and runs the following steps:</p>
        <ol>
-        <li data-md="">
+        <li data-md>
+         <p>Let <var>origin</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑧">current settings object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑧">origin</a>.</p>
+        <li data-md>
          <p>Let <var>r</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-an-htmlformelement" id="ref-for-abstract-opdef-create-a-passwordcredential-from-an-htmlformelement">Create a <code>PasswordCredential</code> from
-  an <code>HTMLFormElement</code></a> on <var>form</var>.</p>
-        <li data-md="">
+  an <code>HTMLFormElement</code></a> given <var>form</var> and <var>origin</var>.</p>
+        <li data-md>
          <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception④">exception</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-throw" id="ref-for-dfn-throw">throw</a> <var>r</var>.</p>
          <p>Otherwise, return <var>r</var>.</p>
        </ol>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="constructor" data-export="" id="dom-passwordcredential-passwordcredential-data"><code>PasswordCredential(data)</code></dfn>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="constructor" data-export id="dom-passwordcredential-passwordcredential-data"><code>PasswordCredential(data)</code></dfn>
+      <dd data-md>
        <p>This constructor accepts a <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata①">PasswordCredentialData</a></code> (<var>data</var>), and runs the following steps:</p>
        <ol>
-        <li data-md="">
+        <li data-md>
          <p>Let <var>r</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata" id="ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata">Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code></a> on <var>data</var>.</p>
-        <li data-md="">
+        <li data-md>
          <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception⑤">exception</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-throw" id="ref-for-dfn-throw①">throw</a> <var>r</var>.</p>
          <p>Otherwise, return <var>r</var>.</p>
        </ol>
@@ -2590,170 +2627,175 @@ <h3 class="heading settled" data-level="3.2" id="passwordcredential-interface"><
     </div>
     <p><code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential⑨">PasswordCredential</a></code> objects can be created via <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create⑤">navigator.credentials.create()</a></code> either explicitly by passing in a <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata②">PasswordCredentialData</a></code> dictionary, or based on the contents
   of an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement④">HTMLFormElement</a></code>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/forms.html#category-submit" id="ref-for-category-submit">submittable elements</a>.</p>
-<pre class="idl highlight def"><span class="kt">dictionary</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="dictionary" data-export="" id="dictdef-passwordcredentialdata"><code>PasswordCredentialData</code></dfn> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata">CredentialData</a> {
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑨"><span class="kt">USVString</span></a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-passwordcredentialdata-name"><code>name</code></dfn>;
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⓪"><span class="kt">USVString</span></a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-passwordcredentialdata-iconurl"><code>iconURL</code></dfn>;
-  <span class="kt">required</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①①"><span class="kt">USVString</span></a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-passwordcredentialdata-password"><code>password</code></dfn>;
+<pre class="idl highlight def"><c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-passwordcredentialdata"><code><c- g>PasswordCredentialData</c-></code></dfn> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata"><c- n>CredentialData</c-></a> {
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑨"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-passwordcredentialdata-name"><code><c- g>name</c-></code></dfn>;
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⓪"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-passwordcredentialdata-iconurl"><code><c- g>iconURL</c-></code></dfn>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①①"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-passwordcredentialdata-origin"><code><c- g>origin</c-></code></dfn>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①②"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredentialData" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-passwordcredentialdata-password"><code><c- g>password</c-></code></dfn>;
 };
 
-<span class="kt">typedef</span> (<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata③">PasswordCredentialData</a> <span class="kt">or</span> <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑤">HTMLFormElement</a>) <dfn class="nv dfn-paneled idl-code" data-dfn-type="typedef" data-export="" id="typedefdef-passwordcredentialinit"><code>PasswordCredentialInit</code></dfn>;
+<c- b>typedef</c-> (<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata③"><c- n>PasswordCredentialData</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑤"><c- n>HTMLFormElement</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-passwordcredentialinit"><code><c- g>PasswordCredentialInit</c-></code></dfn>;
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑤">CredentialCreationOptions</a> {
-  <a class="n" data-link-type="idl-name" href="#typedefdef-passwordcredentialinit" id="ref-for-typedefdef-passwordcredentialinit">PasswordCredentialInit</a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="CredentialCreationOptions" data-dfn-type="dict-member" data-export="" data-type="PasswordCredentialInit " id="dom-credentialcreationoptions-password"><code>password</code></dfn>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑤"><c- g>CredentialCreationOptions</c-></a> {
+  <a class="n" data-link-type="idl-name" href="#typedefdef-passwordcredentialinit" id="ref-for-typedefdef-passwordcredentialinit"><c- n>PasswordCredentialInit</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="CredentialCreationOptions" data-dfn-type="dict-member" data-export data-type="PasswordCredentialInit " id="dom-credentialcreationoptions-password"><code><c- g>password</c-></code></dfn>;
 };
 </pre>
     <p><code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①⓪">PasswordCredential</a></code> objects are <a data-link-type="dfn" href="#credential-origin-bound" id="ref-for-credential-origin-bound">origin bound</a>.</p>
-    <p><code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①①">PasswordCredential</a></code>'s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①③">interface object</a> inherits <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑥">Credential</a></code>'s implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot①">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code>, and defines its
-  own implementation of <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-collectfromcredentialstore-slot" id="ref-for-dom-passwordcredential-collectfromcredentialstore-slot">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-create-slot" id="ref-for-dom-passwordcredential-create-slot">[[Create]](options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-store-slot" id="ref-for-dom-passwordcredential-store-slot">[[Store]](credential, sameOriginWithAncestors)</a></code>.</p>
+    <p><code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①①">PasswordCredential</a></code>'s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①④">interface object</a> inherits <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④③">Credential</a></code>'s implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot②">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code>, and defines
+  its own implementation of <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-collectfromcredentialstore-slot" id="ref-for-dom-passwordcredential-collectfromcredentialstore-slot">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-create-slot" id="ref-for-dom-passwordcredential-create-slot">[[Create]](origin, options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-store-slot" id="ref-for-dom-passwordcredential-store-slot">[[Store]](credential, sameOriginWithAncestors)</a></code>.</p>
     <h3 class="heading settled" data-level="3.3" id="passwordcredential-algorithms"><span class="secno">3.3. </span><span class="content">Algorithms</span><a class="self-link" href="#passwordcredential-algorithms"></a></h3>
-    <h4 class="heading settled algorithm" data-algorithm="PasswordCredential&apos;s [[CollectFromCredentialStore]](options, sameOriginWithAncestors)" data-level="3.3.1" id="collectfromcredentialstore-passwordcredential"><span class="secno">3.3.1. </span><span class="content"> <code>PasswordCredential</code>'s <code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#collectfromcredentialstore-passwordcredential"></a></h4>
-    <p><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="method" data-export="" id="dom-passwordcredential-collectfromcredentialstore-slot"><code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code></dfn> is called with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①①">CredentialRequestOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the
-  calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑧">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>). The algorithm
-  returns a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑦">Credential</a></code> objects from the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①③">credential store</a>. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential③⑧">Credential</a></code> objects are available, or <var>sameOriginWithAncestors</var> is <code>false</code>, the returned set
+    <h4 class="heading settled algorithm" data-algorithm="PasswordCredential&apos;s [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)" data-level="3.3.1" id="collectfromcredentialstore-passwordcredential"><span class="secno">3.3.1. </span><span class="content"> <code>PasswordCredential</code>'s <code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#collectfromcredentialstore-passwordcredential"></a></h4>
+    <p><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="method" data-export id="dom-passwordcredential-collectfromcredentialstore-slot"><code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code></dfn> is called with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin④">origin</a> (<var>origin</var>), a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①①">CredentialRequestOptions</a></code> (<var>options</var>),
+  and a boolean which is <code>true</code> iff the calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑧">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>).
+  The algorithm returns a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④④">Credential</a></code> objects from
+  the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①③">credential store</a>. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑤">Credential</a></code> objects are available, the returned set
   will be empty.</p>
     <p>The algorithm will return a <code>NotAllowedError</code> if <var>sameOriginWithAncestors</var> is not <code>true</code>.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p class="assertion">Assert: <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-password" id="ref-for-dom-credentialrequestoptions-password②">password</a></code>"] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists①">exists</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>If |sameOriginWithAncestors is <code>false</code>, return a "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#notallowederror" id="ref-for-notallowederror">NotAllowedError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException④">DOMException</a></code>.</p>
       <p class="note" role="note"><span>Note:</span> This restriction aims to address the concern raised in <a href="#security-origin-confusion">§6.4 Origin Confusion</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Return the empty set if <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-password" id="ref-for-dom-credentialrequestoptions-password③">password</a></code>"] is not <code>true</code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Return the result of <a data-link-type="abstract-op" href="#abstract-opdef-credential-store-retrieve-a-list-of-credentials" id="ref-for-abstract-opdef-credential-store-retrieve-a-list-of-credentials">retrieving</a> credentials from the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①④">credential store</a> that match the following filter:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>The credential is a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①②">PasswordCredential</a></code></p>
-       <li data-md="">
-        <p>The credential’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot">[[origin]]</a></code> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin①">same origin</a> as the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑦">current settings object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin③">origin</a>.</p>
+       <li data-md>
+        <p>The credential’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot">[[origin]]</a></code> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin①">same origin</a> as <var>origin</var>.</p>
       </ol>
     </ol>
-    <h4 class="heading settled algorithm" data-algorithm="PasswordCredential&apos;s [[Create]](options, sameOriginWithAncestors)" data-level="3.3.2" id="create-passwordcredential"><span class="secno">3.3.2. </span><span class="content"> <code>PasswordCredential</code>'s <code>[[Create]](options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#create-passwordcredential"></a></h4>
-    <p><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="method" data-export="" id="dom-passwordcredential-create-slot"><code>[[Create]](options, sameOriginWithAncestors)</code></dfn> is called
-  with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑥">CredentialCreationOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the calling
-  context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑨">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>). The algorithm returns a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①③">PasswordCredential</a></code> if one can be created, and <code>null</code> otherwise. The <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑦">CredentialCreationOptions</a></code> dictionary must have a <code>password</code> member which holds either an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑥">HTMLFormElement</a></code> or a <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata④">PasswordCredentialData</a></code>. If that member’s value cannot be
+    <h4 class="heading settled algorithm" data-algorithm="PasswordCredential&apos;s [[Create]](origin, options, sameOriginWithAncestors)" data-level="3.3.2" id="create-passwordcredential"><span class="secno">3.3.2. </span><span class="content"> <code>PasswordCredential</code>'s <code>[[Create]](origin, options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#create-passwordcredential"></a></h4>
+    <p><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="method" data-export id="dom-passwordcredential-create-slot"><code>[[Create]](origin, options, sameOriginWithAncestors)</code></dfn> is called with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑤">origin</a> (<var>origin</var>), a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑥">CredentialCreationOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the calling
+  context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors⑨">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>).
+  The algorithm returns a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①③">PasswordCredential</a></code> if one can be created, <code>null</code> otherwise. The <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑦">CredentialCreationOptions</a></code> dictionary must have a <code>password</code> member which
+  holds either an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑥">HTMLFormElement</a></code> or a <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata④">PasswordCredentialData</a></code>. If that member’s value cannot be
   used to create a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①④">PasswordCredential</a></code>, this algorithm will return a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror②">TypeError</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception⑥">exception</a>.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p class="assertion">Assert: <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password">password</a></code>"] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists②">exists</a>, and <var>sameOriginWithAncestors</var> is unused.</p>
-     <li data-md="">
+     <li data-md>
       <p>If <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password①">password</a></code>"] is an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑦">HTMLFormElement</a></code>, return the
-  result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-an-htmlformelement" id="ref-for-abstract-opdef-create-a-passwordcredential-from-an-htmlformelement①">Create a <code>PasswordCredential</code> from an <code>HTMLFormElement</code></a> on <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password②">password</a></code>"].</p>
-     <li data-md="">
+  result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-an-htmlformelement" id="ref-for-abstract-opdef-create-a-passwordcredential-from-an-htmlformelement①">Create a <code>PasswordCredential</code> from an <code>HTMLFormElement</code></a> given <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password②">password</a></code>"] and <var>origin</var>.</p>
+     <li data-md>
       <p>If <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password③">password</a></code>"] is a <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata⑤">PasswordCredentialData</a></code>, return
-  the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata" id="ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata①">Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code></a> on <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password④">password</a></code>"].</p>
-     <li data-md="">
+  the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata" id="ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata①">Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code></a> given <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-password" id="ref-for-dom-credentialcreationoptions-password④">password</a></code>"].</p>
+     <li data-md>
       <p>Return a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror③">TypeError</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception⑦">exception</a>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="PasswordCredential&apos;s [[Store]](credential, sameOriginWithAncestors)" data-level="3.3.3" id="store-passwordcredential"><span class="secno">3.3.3. </span><span class="content"> <code>PasswordCredential</code>'s <code>[[Store]](credential, sameOriginWithAncestors)</code> </span><a class="self-link" href="#store-passwordcredential"></a></h4>
-    <p><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="method" data-export="" id="dom-passwordcredential-store-slot"><code>[[Store]](credential, sameOriginWithAncestors)</code></dfn> is
+    <p><dfn class="dfn-paneled idl-code" data-dfn-for="PasswordCredential" data-dfn-type="method" data-export id="dom-passwordcredential-store-slot"><code>[[Store]](credential, sameOriginWithAncestors)</code></dfn> is
   called with a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①⑤">PasswordCredential</a></code> (<var>credential</var>), and a boolean which is <code>true</code> iff the calling
   context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①⓪">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>). The algorithm returns <code>undefined</code> once <var>credential</var> is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⑤">credential store</a>.</p>
     <p>The algorithm will return a <code>NotAllowedError</code> if <var>sameOriginWithAncestors</var> is not <code>true</code>.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Return a "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#notallowederror" id="ref-for-notallowederror①">NotAllowedError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException⑤">DOMException</a></code> without altering the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⑥">credential store</a> if <var>sameOriginWithAncestors</var> is <code>false</code>.</p>
       <p class="note" role="note"><span>Note:</span> This restriction aims to address the concern raised in <a href="#security-origin-confusion">§6.4 Origin Confusion</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>If the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⑦">credential store</a> contains a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①⑥">PasswordCredential</a></code> (<var>stored</var>)
   whose <code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id①">id</a></code> attribute is <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id②">id</a></code> and whose <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot①">[[origin]]</a></code> slot is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin②">same origin</a> as <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot②">[[origin]]</a></code>,
   then:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>If the user grants permission to update credentials (as discussed when defining <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated⑥">user mediation</a>), then:</p>
         <ol>
-         <li data-md="">
+         <li data-md>
           <p>Set <var>stored</var>’s <a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password①"><code>password</code></a> to <var>credential</var>’s <a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password②"><code>password</code></a>.</p>
-         <li data-md="">
+         <li data-md>
           <p>Set <var>stored</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name①">name</a></code> to <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name②">name</a></code>.</p>
-         <li data-md="">
+         <li data-md>
           <p>Set <var>stored</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl①">iconURL</a></code> to <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl②">iconURL</a></code>.</p>
         </ol>
       </ol>
       <p>Otherwise, if the user grants permission to store credentials (as discussed when
   defining <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated⑦">user mediation</a>, then:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>Store a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①⑦">PasswordCredential</a></code> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⑧">credential store</a> with the following
   properties:</p>
         <dl>
-         <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id③">id</a></code>
-         <dd data-md="">
+         <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id③">id</a></code>
+         <dd data-md>
           <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id④">id</a></code></p>
-         <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name③">name</a></code>,
-         <dd data-md="">
+         <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name③">name</a></code>,
+         <dd data-md>
           <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name④">name</a></code></p>
-         <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl③">iconURL</a></code>
-         <dd data-md="">
+         <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl③">iconURL</a></code>
+         <dd data-md>
           <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl④">iconURL</a></code></p>
-         <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot③">[[origin]]</a></code>
-         <dd data-md="">
+         <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot③">[[origin]]</a></code>
+         <dd data-md>
           <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot④">[[origin]]</a></code></p>
-         <dt data-md=""><a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password③"><code>password</code></a>
-         <dd data-md="">
+         <dt data-md><a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password③"><code>password</code></a>
+         <dd data-md>
           <p><var>credential</var>’s <a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password④"><code>password</code></a></p>
         </dl>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Return <code>undefined</code>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Create a PasswordCredential from an HTMLFormElement" data-level="3.3.4" id="construct-passwordcredential-form"><span class="secno">3.3.4. </span><span class="content"> Create a <code>PasswordCredential</code> from an <code>HTMLFormElement</code> </span><a class="self-link" href="#construct-passwordcredential-form"></a></h4>
-    <p>To <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-create-a-passwordcredential-from-an-htmlformelement">Create a <code>PasswordCredential</code> from an <code>HTMLFormElement</code></dfn>, given an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑧">HTMLFormElement</a></code> (<var>form</var>), run these steps.</p>
+    <p>To <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-create-a-passwordcredential-from-an-htmlformelement">Create a <code>PasswordCredential</code> from an <code>HTMLFormElement</code></dfn>, given an <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑧">HTMLFormElement</a></code> (<var>form</var>) and an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑥">origin</a> (<var>origin</var>), run these steps.</p>
     <p class="note" role="note"><span>Note:</span> <a href="#examples-post-signin">§3.1.2 Post-sign-in Confirmation</a> and <a href="#examples-change-password">§3.1.3 Change Password</a> provide examples of the intended
   usage.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Let <var>data</var> be a new <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata⑥">PasswordCredentialData</a></code> dictionary.</p>
-     <li data-md="">
-      <p>Let <var>formData</var> be the result of executing the <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata" id="ref-for-interface-formdata①">FormData</a></code> constructor
+     <li data-md>
+      <p>Set <var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-origin" id="ref-for-dom-passwordcredentialdata-origin">origin</a></code> member’s value to <var>origin</var>’s value.</p>
+     <li data-md>
+      <p>Let <var>formData</var> be the result of executing the <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata" id="ref-for-interface-formdata">FormData</a></code> constructor
   on <var>form</var>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>elements</var> be a list of all the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/forms.html#category-submit" id="ref-for-category-submit①">submittable elements</a> whose <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#form-owner" id="ref-for-form-owner">form owner</a> is <var>form</var>, in <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-tree-order" id="ref-for-concept-tree-order">tree order</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>newPasswordObserved</var> be <code>false</code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>For each <var>field</var> in <var>elements</var>, run the following steps:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>If <var>field</var> does not have an <code><a data-link-type="element-sub" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete" id="ref-for-attr-fe-autocomplete⑦">autocomplete</a></code> attribute, then skip to the next <var>field</var>.</p>
-       <li data-md="">
+       <li data-md>
         <p>Let <var>name</var> be the value of <var>field</var>’s <code><a data-link-type="element-sub" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-name" id="ref-for-attr-fe-name">name</a></code> attribute.</p>
-       <li data-md="">
+       <li data-md>
         <p>If <var>formData</var>’s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-has" id="ref-for-dom-formdata-has">has()</a></code> method returns <code>false</code> when executed on <var>name</var>, then
   skip to the next <var>field</var>.</p>
-       <li data-md="">
+       <li data-md>
         <p>If <var>field</var>’s <code><a data-link-type="element-sub" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete" id="ref-for-attr-fe-autocomplete⑧">autocomplete</a></code> attribute’s value contains one or more <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-detail-tokens" id="ref-for-autofill-detail-tokens">autofill
   detail tokens</a> (<var>tokens</var>), then:</p>
         <ol>
-         <li data-md="">
+         <li data-md>
           <p>For each <var>token</var> in <var>tokens</var>:</p>
           <ol>
-           <li data-md="">
+           <li data-md>
             <p>If <var>token</var> is an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="ref-for-ascii-case-insensitive">ASCII case-insensitive</a> match for one
   of the following strings, run the associated steps:</p>
             <dl>
-             <dt data-md="">"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-new-password" id="ref-for-attr-fe-autocomplete-new-password①"><code>new-password</code></a>"
-             <dd data-md="">
+             <dt data-md>"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-new-password" id="ref-for-attr-fe-autocomplete-new-password①"><code>new-password</code></a>"
+             <dd data-md>
               <p>Set <var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-password" id="ref-for-dom-passwordcredentialdata-password">password</a></code> member’s
   value to the result of executing <var>formData</var>’s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-get" id="ref-for-dom-formdata-get">get()</a></code> method on <var>name</var>, and <var>newPasswordObserved</var> to <code>true</code>.</p>
-             <dt data-md="">"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-current-password" id="ref-for-attr-fe-autocomplete-current-password①"><code>current-password</code></a>"
-             <dd data-md="">
+             <dt data-md>"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-current-password" id="ref-for-attr-fe-autocomplete-current-password①"><code>current-password</code></a>"
+             <dd data-md>
               <p>If <var>newPasswordObserved</var> is <code>false</code>,
   set <var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-password" id="ref-for-dom-passwordcredentialdata-password①">password</a></code> member’s
   value to the result of executing <var>formData</var>’s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-get" id="ref-for-dom-formdata-get①">get()</a></code> method on <var>name</var>.</p>
               <p class="note" role="note"><span>Note:</span> By checking that <var>newPasswordObserved</var> is <code>false</code>, <code>new-password</code> fields take precedence over <code>current-password</code> fields.</p>
-             <dt data-md="">"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-photo" id="ref-for-attr-fe-autocomplete-photo"><code>photo</code></a>"
-             <dd data-md="">
+             <dt data-md>"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-photo" id="ref-for-attr-fe-autocomplete-photo"><code>photo</code></a>"
+             <dd data-md>
               <p>Set <var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑤">iconURL</a></code> member’s
   value to the result of executing <var>formData</var>’s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-get" id="ref-for-dom-formdata-get②">get()</a></code> method on <var>name</var>.</p>
-             <dt data-md="">"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-name" id="ref-for-attr-fe-autocomplete-name"><code>name</code></a>"
-             <dt data-md="">"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-nickname" id="ref-for-attr-fe-autocomplete-nickname"><code>nickname</code></a>"
-             <dd data-md="">
+             <dt data-md>"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-name" id="ref-for-attr-fe-autocomplete-name"><code>name</code></a>"
+             <dt data-md>"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-nickname" id="ref-for-attr-fe-autocomplete-nickname"><code>nickname</code></a>"
+             <dd data-md>
               <p>Set <var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑤">name</a></code> member’s
   value to the result of executing <var>formData</var>’s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-get" id="ref-for-dom-formdata-get③">get()</a></code> method on <var>name</var>.</p>
-             <dt data-md="">"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-username" id="ref-for-attr-fe-autocomplete-username②"><code>username</code></a>"
-             <dd data-md="">
+             <dt data-md>"<a data-link-type="attr-value" href="https://html.spec.whatwg.org/multipage/forms.html#attr-fe-autocomplete-username" id="ref-for-attr-fe-autocomplete-username②"><code>username</code></a>"
+             <dd data-md>
               <p>Set <var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialdata-id" id="ref-for-dom-credentialdata-id">id</a></code> member’s value to the
   result of executing <var>formData</var>’s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-get" id="ref-for-dom-formdata-get④">get()</a></code> method
   on <var>name</var>.</p>
@@ -2761,106 +2803,108 @@ <h4 class="heading settled algorithm" data-algorithm="Create a PasswordCredentia
           </ol>
         </ol>
       </ol>
-     <li data-md="">
+     <li data-md>
       <p>Let <var>c</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata" id="ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata②">Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code></a> on <var>data</var>.</p>
-     <li data-md="">
+     <li data-md>
       <p>If <var>c</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception⑧">exception</a>, return <var>c</var>.</p>
-     <li data-md="">
+     <li data-md>
       <p class="assertion">Assert: <var>c</var> is a <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①⑧">PasswordCredential</a></code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>c</var>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Create a PasswordCredential from PasswordCredentialData" data-level="3.3.5" id="construct-passwordcredential-data"><span class="secno">3.3.5. </span><span class="content"> Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code> </span><a class="self-link" href="#construct-passwordcredential-data"></a></h4>
-    <p>To <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata">Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code></dfn>, given an <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata⑦">PasswordCredentialData</a></code> (<var>data</var>), run these steps.</p>
+    <p>To <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata">Create a <code>PasswordCredential</code> from <code>PasswordCredentialData</code></dfn>, given an <code class="idl"><a data-link-type="idl" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata⑦">PasswordCredentialData</a></code> (<var>data</var>), run these steps.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Let <var>c</var> be a new <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential①⑨">PasswordCredential</a></code> object.</p>
-     <li data-md="">
+     <li data-md>
       <p>If any of the following are the empty string, return a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror④">TypeError</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception⑨">exception</a>:</p>
       <ul>
-       <li data-md="">
+       <li data-md>
         <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialdata-id" id="ref-for-dom-credentialdata-id①">id</a></code> member’s value</p>
-       <li data-md="">
+       <li data-md>
+        <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-origin" id="ref-for-dom-passwordcredentialdata-origin①">origin</a></code> member’s value</p>
+       <li data-md>
         <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-password" id="ref-for-dom-passwordcredentialdata-password②">password</a></code> member’s value</p>
       </ul>
-     <li data-md="">
+     <li data-md>
       <p>Set <var>c</var>’s properties as follows:</p>
       <dl>
-       <dt data-md=""><a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password⑤"><code>password</code></a>
-       <dd data-md="">
+       <dt data-md><a class="idl-code" data-link-type="attribute" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password⑤"><code>password</code></a>
+       <dd data-md>
         <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-password" id="ref-for-dom-passwordcredentialdata-password③">password</a></code> member’s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑤">id</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑤">id</a></code>
+       <dd data-md>
         <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialdata-id" id="ref-for-dom-credentialdata-id②">id</a></code> member’s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑥">iconURL</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑥">iconURL</a></code>
+       <dd data-md>
         <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-iconurl" id="ref-for-dom-passwordcredentialdata-iconurl">iconURL</a></code> member’s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑥">name</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑥">name</a></code>
+       <dd data-md>
         <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-name" id="ref-for-dom-passwordcredentialdata-name">name</a></code> member’s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑤">[[origin]]</a></code>
-       <dd data-md="">
-        <p>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin④">origin</a> of the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑧">current settings object</a>.</p>
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑤">[[origin]]</a></code>
+       <dd data-md>
+        <p><var>data</var>’s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredentialdata-origin" id="ref-for-dom-passwordcredentialdata-origin②">origin</a></code> member’s value.</p>
       </dl>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>c</var>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="CredentialRequestOptions Matching for PasswordCredential" data-level="3.3.6" id="passwordcredential-matching"><span class="secno">3.3.6. </span><span class="content"> <code>CredentialRequestOptions</code> Matching for <code>PasswordCredential</code> </span><a class="self-link" href="#passwordcredential-matching"></a></h4>
     <p>Given a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①②">CredentialRequestOptions</a></code> (<var>options</var>), the following algorithm returns "<code>Matches</code>" if
   the <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential②⓪">PasswordCredential</a></code> should be available as a response to a <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get①⑨">get()</a></code> request, and "<code>Does Not Match</code>" otherwise.</p>
     <ol>
-     <li data-md="">
+     <li data-md>
       <p>If <var>options</var> has a <code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-password" id="ref-for-dom-credentialrequestoptions-password④">password</a></code> member whose value is <code>true</code>, then
   return "<code>Matches</code>".</p>
-     <li data-md="">
+     <li data-md>
       <p>Return "<code>Does Not Match</code>".</p>
     </ol>
    </section>
    <section>
     <h2 class="heading settled" data-level="4" id="federated"><span class="secno">4. </span><span class="content">Federated Credentials</span><a class="self-link" href="#federated"></a></h2>
     <h3 class="heading settled" data-level="4.1" id="federatedcredential-interface"><span class="secno">4.1. </span><span class="content">The <code>FederatedCredential</code> Interface</span><a class="self-link" href="#federatedcredential-interface"></a></h3>
-<pre class="idl highlight def">[<a class="nv idl-code" data-link-type="constructor" href="#dom-federatedcredential-federatedcredential" id="ref-for-dom-federatedcredential-federatedcredential">Constructor</a>(<a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit">FederatedCredentialInit</a> <dfn class="nv idl-code" data-dfn-for="FederatedCredential/FederatedCredential(data)" data-dfn-type="argument" data-export="" id="dom-federatedcredential-federatedcredential-data-data"><code>data</code><a class="self-link" href="#dom-federatedcredential-federatedcredential-data-data"></a></dfn>),
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③">Exposed</a>=<span class="n">Window</span>,
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑤">SecureContext</a>]
-<span class="kt">interface</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="interface" data-export="" id="federatedcredential"><code>FederatedCredential</code></dfn> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential③⑨">Credential</a> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①②"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider">provider</a>;
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②"><span class="kt">DOMString</span></a>? <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="DOMString?" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol">protocol</a>;
+<pre class="idl highlight def">[<a class="idl-code" data-link-type="constructor" href="#dom-federatedcredential-federatedcredential" id="ref-for-dom-federatedcredential-federatedcredential"><c- g>Constructor</c-></a>(<a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit"><c- n>FederatedCredentialInit</c-></a> <dfn class="idl-code" data-dfn-for="FederatedCredential/FederatedCredential(data)" data-dfn-type="argument" data-export id="dom-federatedcredential-federatedcredential-data-data"><code><c- g>data</c-></code><a class="self-link" href="#dom-federatedcredential-federatedcredential-data-data"></a></dfn>),
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③"><c- g>Exposed</c-></a>=<c- n>Window</c->,
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑤"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="federatedcredential"><code><c- g>FederatedCredential</c-></code></dfn> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential④⑥"><c- n>Credential</c-></a> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①③"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider"><c- g>provider</c-></a>;
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②"><c- b>DOMString</c-></a>? <a class="idl-code" data-link-type="attribute" data-readonly data-type="DOMString?" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol"><c- g>protocol</c-></a>;
 };
-<a class="n" data-link-type="idl-name" href="#federatedcredential" id="ref-for-federatedcredential①">FederatedCredential</a> <span class="kt">includes</span> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata①">CredentialUserData</a>;
+<a class="n" data-link-type="idl-name" href="#federatedcredential" id="ref-for-federatedcredential①"><c- n>FederatedCredential</c-></a> <c- b>includes</c-> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata①"><c- n>CredentialUserData</c-></a>;
 
-<span class="kt">dictionary</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="dictionary" data-export="" id="dictdef-federatedcredentialrequestoptions"><code>FederatedCredentialRequestOptions</code></dfn> {
-  <span class="kt">sequence</span>&lt;<a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①③"><span class="kt">USVString</span></a>> <dfn class="nv dfn-paneled idl-code" data-dfn-for="FederatedCredentialRequestOptions" data-dfn-type="dict-member" data-export="" data-type="sequence<USVString> " id="dom-federatedcredentialrequestoptions-providers"><code>providers</code></dfn>;
-  <span class="kt">sequence</span>&lt;<a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③"><span class="kt">DOMString</span></a>> <dfn class="nv dfn-paneled idl-code" data-dfn-for="FederatedCredentialRequestOptions" data-dfn-type="dict-member" data-export="" data-type="sequence<DOMString> " id="dom-federatedcredentialrequestoptions-protocols"><code>protocols</code></dfn>;
+<c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-federatedcredentialrequestoptions"><code><c- g>FederatedCredentialRequestOptions</c-></code></dfn> {
+  <c- b>sequence</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①④"><c- b>USVString</c-></a>> <dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredentialRequestOptions" data-dfn-type="dict-member" data-export data-type="sequence<USVString> " id="dom-federatedcredentialrequestoptions-providers"><code><c- g>providers</c-></code></dfn>;
+  <c- b>sequence</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③"><c- b>DOMString</c-></a>> <dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredentialRequestOptions" data-dfn-type="dict-member" data-export data-type="sequence<DOMString> " id="dom-federatedcredentialrequestoptions-protocols"><code><c- g>protocols</c-></code></dfn>;
 };
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①③">CredentialRequestOptions</a> {
-  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialrequestoptions" id="ref-for-dictdef-federatedcredentialrequestoptions">FederatedCredentialRequestOptions</a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export="" data-type="FederatedCredentialRequestOptions " id="dom-credentialrequestoptions-federated"><code>federated</code></dfn>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①③"><c- g>CredentialRequestOptions</c-></a> {
+  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialrequestoptions" id="ref-for-dictdef-federatedcredentialrequestoptions"><c- n>FederatedCredentialRequestOptions</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="CredentialRequestOptions" data-dfn-type="dict-member" data-export data-type="FederatedCredentialRequestOptions " id="dom-credentialrequestoptions-federated"><code><c- g>federated</c-></code></dfn>;
 };
 </pre>
     <div>
      <dl>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="attribute" data-export="" id="dom-federatedcredential-provider"><code>provider</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①④">USVString</a>, readonly</span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="attribute" data-export id="dom-federatedcredential-provider"><code>provider</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑤">USVString</a>, readonly</span>
+      <dd data-md>
        <p>The credential’s federated identity provider. See <a href="#provider-identification">§4.1.1 Identifying Providers</a> for
   details regarding valid formats.</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="attribute" data-export="" id="dom-federatedcredential-protocol"><code>protocol</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString④">DOMString</a>, readonly, nullable</span>
-      <dd data-md="">
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="attribute" data-export id="dom-federatedcredential-protocol"><code>protocol</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString④">DOMString</a>, readonly, nullable</span>
+      <dd data-md>
        <p>The credential’s federated identity provider’s protocol (e.g. "<code>openidconnect</code>"). If the
   value is <code>null</code>, then the protocol can be inferred from the <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider①">provider</a></code>.</p>
-      <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot④">[[type]]</a></code>
-      <dd data-md="">
-       <p>The <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential②">FederatedCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①④">interface object</a> has an internal slot named <code>[[type]]</code> whose
-  value is "<dfn class="idl-code" data-dfn-for="FederatedCredential" data-dfn-type="const" data-export="" id="dom-federatedcredential-federated"><code>federated</code><a class="self-link" href="#dom-federatedcredential-federated"></a></dfn>".</p>
-      <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot②">[[discovery]]</a></code>
-      <dd data-md="">
-       <p>The <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential③">FederatedCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑤">interface object</a> has an internal slot named <code>[[discovery]]</code> whose value is "<code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-credential-store" id="ref-for-dom-credential-discovery-credential-store②">credential store</a></code>".</p>
-      <dt data-md=""><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="constructor" data-export="" id="dom-federatedcredential-federatedcredential"><code>FederatedCredential(data)</code></dfn>
-      <dd data-md="">
+      <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot④">[[type]]</a></code>
+      <dd data-md>
+       <p>The <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential②">FederatedCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑤">interface object</a> has an internal slot named <code>[[type]]</code> whose
+  value is "<dfn class="idl-code" data-dfn-for="FederatedCredential" data-dfn-type="const" data-export id="dom-federatedcredential-federated"><code>federated</code><a class="self-link" href="#dom-federatedcredential-federated"></a></dfn>".</p>
+      <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot②">[[discovery]]</a></code>
+      <dd data-md>
+       <p>The <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential③">FederatedCredential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑥">interface object</a> has an internal slot named <code>[[discovery]]</code> whose value is "<code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-credential-store" id="ref-for-dom-credential-discovery-credential-store②">credential store</a></code>".</p>
+      <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="constructor" data-export id="dom-federatedcredential-federatedcredential"><code>FederatedCredential(data)</code></dfn>
+      <dd data-md>
        <p>This constructor accepts a <code class="idl"><a data-link-type="idl" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit①">FederatedCredentialInit</a></code> (<var>data</var>), and runs the following steps:</p>
        <ol>
-        <li data-md="">
+        <li data-md>
          <p>Let <var>r</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit" id="ref-for-abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit">Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code></a> on <var>data</var>.</p>
-        <li data-md="">
+        <li data-md>
          <p>If <var>r</var> is an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception①⓪">exception</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-throw" id="ref-for-dfn-throw②">throw</a> <var>r</var>.</p>
          <p>Otherwise, return <var>r</var>.</p>
        </ol>
@@ -2868,22 +2912,23 @@ <h3 class="heading settled" data-level="4.1" id="federatedcredential-interface">
     </div>
     <p><code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential④">FederatedCredential</a></code> objects can be created by passing a <code class="idl"><a data-link-type="idl" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit②">FederatedCredentialInit</a></code> dictionary
   into <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create⑥">navigator.credentials.create()</a></code>.</p>
-<pre class="idl highlight def"><span class="kt">dictionary</span> <dfn class="nv dfn-paneled idl-code" data-dfn-type="dictionary" data-export="" id="dictdef-federatedcredentialinit"><code>FederatedCredentialInit</code></dfn> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata①">CredentialData</a> {
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑤"><span class="kt">USVString</span></a> <dfn class="nv idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-federatedcredentialinit-name"><code>name</code><a class="self-link" href="#dom-federatedcredentialinit-name"></a></dfn>;
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑥"><span class="kt">USVString</span></a> <dfn class="nv idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-federatedcredentialinit-iconurl"><code>iconURL</code><a class="self-link" href="#dom-federatedcredentialinit-iconurl"></a></dfn>;
-  <span class="kt">required</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑦"><span class="kt">USVString</span></a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export="" data-type="USVString " id="dom-federatedcredentialinit-provider"><code>provider</code></dfn>;
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑤"><span class="kt">DOMString</span></a> <dfn class="nv idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export="" data-type="DOMString " id="dom-federatedcredentialinit-protocol"><code>protocol</code><a class="self-link" href="#dom-federatedcredentialinit-protocol"></a></dfn>;
+<pre class="idl highlight def"><c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-federatedcredentialinit"><code><c- g>FederatedCredentialInit</c-></code></dfn> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata①"><c- n>CredentialData</c-></a> {
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑥"><c- b>USVString</c-></a> <dfn class="idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-federatedcredentialinit-name"><code><c- g>name</c-></code><a class="self-link" href="#dom-federatedcredentialinit-name"></a></dfn>;
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑦"><c- b>USVString</c-></a> <dfn class="idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-federatedcredentialinit-iconurl"><code><c- g>iconURL</c-></code><a class="self-link" href="#dom-federatedcredentialinit-iconurl"></a></dfn>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑧"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-federatedcredentialinit-origin"><code><c- g>origin</c-></code></dfn>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑨"><c- b>USVString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export data-type="USVString " id="dom-federatedcredentialinit-provider"><code><c- g>provider</c-></code></dfn>;
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑤"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="FederatedCredentialInit" data-dfn-type="dict-member" data-export data-type="DOMString " id="dom-federatedcredentialinit-protocol"><code><c- g>protocol</c-></code><a class="self-link" href="#dom-federatedcredentialinit-protocol"></a></dfn>;
 };
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑧">CredentialCreationOptions</a> {
-  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit③">FederatedCredentialInit</a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="CredentialCreationOptions" data-dfn-type="dict-member" data-export="" data-type="FederatedCredentialInit " id="dom-credentialcreationoptions-federated"><code>federated</code></dfn>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑧"><c- g>CredentialCreationOptions</c-></a> {
+  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit③"><c- n>FederatedCredentialInit</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="CredentialCreationOptions" data-dfn-type="dict-member" data-export data-type="FederatedCredentialInit " id="dom-credentialcreationoptions-federated"><code><c- g>federated</c-></code></dfn>;
 };
 </pre>
     <p><code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑤">FederatedCredential</a></code> objects are <a data-link-type="dfn" href="#credential-origin-bound" id="ref-for-credential-origin-bound①">origin bound</a>.</p>
-    <p><code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑥">FederatedCredential</a></code>'s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑥">interface object</a> inherits <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⓪">Credential</a></code>'s implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot②">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code>, and defines
-  its own implementation of <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-collectfromcredentialstore-slot" id="ref-for-dom-federatedcredential-collectfromcredentialstore-slot">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-create-slot" id="ref-for-dom-federatedcredential-create-slot">[[Create]](options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-store-slot" id="ref-for-dom-federatedcredential-store-slot">[[Store]](credential, sameOriginWithAncestors)</a></code>.</p>
+    <p><code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑥">FederatedCredential</a></code>'s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑦">interface object</a> inherits <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑦">Credential</a></code>'s implementation of <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot③">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code>,
+  and defines its own implementation of <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-collectfromcredentialstore-slot" id="ref-for-dom-federatedcredential-collectfromcredentialstore-slot">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-create-slot" id="ref-for-dom-federatedcredential-create-slot">[[Create]](origin, options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-store-slot" id="ref-for-dom-federatedcredential-store-slot">[[Store]](credential, sameOriginWithAncestors)</a></code>.</p>
     <p class="note" role="note"><span>Note:</span> If, in the future, we teach the user agent to obtain authentication tokens on a user’s
-  behalf, we could do so by building an implementation of <code>[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</code>.</p>
+  behalf, we could do so by building an implementation of <code>[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</code>.</p>
     <h4 class="heading settled" data-level="4.1.1" id="provider-identification"><span class="secno">4.1.1. </span><span class="content">Identifying Providers</span><a class="self-link" href="#provider-identification"></a></h4>
     <p>Every site should use the same identifier when referring to a specific federated identity
   provider. For example, <a href="https://developers.facebook.com/docs/facebook-login/v2.0">Facebook Login</a> shouldn’t be referred to as "Facebook" and "Facebook Login" and "FB" and "FBL" and "Facebook.com"
@@ -2891,121 +2936,121 @@ <h4 class="heading settled" data-level="4.1.1" id="provider-identification"><spa
   identification makes it possible for user agents to be helpful.</p>
     <p>For consistency, federations passed into the APIs defined in this document (e.g. <code class="idl"><a data-link-type="idl" href="#dictdef-federatedcredentialrequestoptions" id="ref-for-dictdef-federatedcredentialrequestoptions①">FederatedCredentialRequestOptions</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialrequestoptions-providers" id="ref-for-dom-federatedcredentialrequestoptions-providers">providers</a></code> array, or <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑦">FederatedCredential</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider②">provider</a></code> property) MUST be identified by the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#ascii-serialisation-of-an-origin" id="ref-for-ascii-serialisation-of-an-origin">ASCII serialization</a> of the origin the provider uses
   for sign in. That is, Facebook would be represented by <code>https://www.facebook.com</code> and Google by <code>https://accounts.google.com</code>.</p>
-    <p>This serialization of an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin④">origin</a> does _not_ include a trailing U+002F SOLIDUS ("<code>/</code>"), but
+    <p>This serialization of an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑦">origin</a> does _not_ include a trailing U+002F SOLIDUS ("<code>/</code>"), but
   user agents SHOULD accept them silently: <code>https://accounts.google.com/</code> is clearly
   intended to be the same as <code>https://accounts.google.com</code>.</p>
     <h3 class="heading settled" data-level="4.2" id="federatedcredential-algorithms"><span class="secno">4.2. </span><span class="content">Algorithms</span><a class="self-link" href="#federatedcredential-algorithms"></a></h3>
-    <h4 class="heading settled algorithm" data-algorithm="FederatedCredential&apos;s [[CollectFromCredentialStore]](options, sameOriginWithAncestors)" data-level="4.2.1" id="collectfromcredentialstore-federatedcredential"><span class="secno">4.2.1. </span><span class="content"> <code>FederatedCredential</code>'s <code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#collectfromcredentialstore-federatedcredential"></a></h4>
-    <p><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="method" data-export="" id="dom-federatedcredential-collectfromcredentialstore-slot"><code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code></dfn> is called
-  with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①④">CredentialRequestOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the calling
-  context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①①">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>). The algorithm returns
-  a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④①">Credential</a></code> objects from the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⑨">credential store</a>. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④②">Credential</a></code> objects are available, the returned set will be empty.</p>
-    <p>The algorithm will return a <code>NotAllowedError</code> if <var>sameOriginWithAncestors</var> is not <code>true</code>.</p>
+    <h4 class="heading settled algorithm" data-algorithm="FederatedCredential&apos;s [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)" data-level="4.2.1" id="collectfromcredentialstore-federatedcredential"><span class="secno">4.2.1. </span><span class="content"> <code>FederatedCredential</code>'s <code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#collectfromcredentialstore-federatedcredential"></a></h4>
+    <p><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="method" data-export id="dom-federatedcredential-collectfromcredentialstore-slot"><code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code></dfn> is called with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑧">origin</a> (<var>origin</var>), a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①④">CredentialRequestOptions</a></code> (<var>options</var>),
+  and a boolean which is <code>true</code> iff the calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①①">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>).
+  The algorithm returns a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑧">Credential</a></code> objects from
+  the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store①⑨">credential store</a>. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑨">Credential</a></code> objects are available, the returned set
+  will be empty.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p class="assertion">Assert: <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-federated" id="ref-for-dom-credentialrequestoptions-federated">federated</a></code>"] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists③">exists</a>.</p>
-     <li data-md="">
-      <p>If |sameOriginWithAncestors is <code>false</code>, return a "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#notallowederror" id="ref-for-notallowederror②">NotAllowedError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException⑥">DOMException</a></code>.</p>
+     <li data-md>
+      <p>If <var>sameOriginWithAncestors</var> is <code>false</code>, return a "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#notallowederror" id="ref-for-notallowederror②">NotAllowedError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException⑥">DOMException</a></code>.</p>
       <p class="note" role="note"><span>Note:</span> This restriction aims to address the concern raised in <a href="#security-origin-confusion">§6.4 Origin Confusion</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Return the empty set if <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-federated" id="ref-for-dom-credentialrequestoptions-federated①">federated</a></code>"] is not <code>true</code>.</p>
-     <li data-md="">
+     <li data-md>
       <p>Return the result of <a data-link-type="abstract-op" href="#abstract-opdef-credential-store-retrieve-a-list-of-credentials" id="ref-for-abstract-opdef-credential-store-retrieve-a-list-of-credentials①">retrieving</a> credentials from the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⓪">credential store</a> that match the following filter:</p>
       <ol>
-       <li data-md="">
+       <li data-md>
         <p>The credential is a <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑧">FederatedCredential</a></code></p>
-       <li data-md="">
-        <p>The credential’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑥">[[origin]]</a></code> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin③">same origin</a> as the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object⑨">current settings object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑤">origin</a>.</p>
-       <li data-md="">
+       <li data-md>
+        <p>The credential’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑥">[[origin]]</a></code> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin③">same origin</a> as <var>origin</var>.</p>
+       <li data-md>
         <p>If <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-federated" id="ref-for-dom-credentialrequestoptions-federated②">federated</a></code>"]["<code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialrequestoptions-providers" id="ref-for-dom-federatedcredentialrequestoptions-providers①">providers</a></code>"] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists④">exists</a>, its value <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-contain" id="ref-for-list-contain①">contains</a> the credentials’s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider③">provider</a></code>.</p>
-       <li data-md="">
+       <li data-md>
         <p>If <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-federated" id="ref-for-dom-credentialrequestoptions-federated③">federated</a></code>"]["<code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialrequestoptions-protocols" id="ref-for-dom-federatedcredentialrequestoptions-protocols">protocols</a></code>"] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists⑤">exists</a>, its value <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-contain" id="ref-for-list-contain②">contains</a> the credentials’s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol①">protocol</a></code>.</p>
       </ol>
     </ol>
-    <h4 class="heading settled algorithm" data-algorithm="FederatedCredential&apos;s [[Create]](options, sameOriginWithAncestors)" data-level="4.2.2" id="create-federatedcredential"><span class="secno">4.2.2. </span><span class="content"> <code>FederatedCredential</code>'s <code>[[Create]](options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#create-federatedcredential"></a></h4>
-    <p><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="method" data-export="" id="dom-federatedcredential-create-slot"><code>[[Create]](options, sameOriginWithAncestors)</code></dfn> is
-  called with a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑨">CredentialCreationOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the
-  calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①②">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>). The algorithm
-  returns a <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑨">FederatedCredential</a></code> if one can be created, <code>null</code> otherwise, or an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception①①">exception</a> in
-  exceptional circumstances:</p>
+    <h4 class="heading settled algorithm" data-algorithm="FederatedCredential&apos;s [[Create]](origin, options, sameOriginWithAncestors)" data-level="4.2.2" id="create-federatedcredential"><span class="secno">4.2.2. </span><span class="content"> <code>FederatedCredential</code>'s <code>[[Create]](origin, options, sameOriginWithAncestors)</code> </span><a class="self-link" href="#create-federatedcredential"></a></h4>
+    <p><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="method" data-export id="dom-federatedcredential-create-slot"><code>[[Create]](origin, options, sameOriginWithAncestors)</code></dfn> is called with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑨">origin</a> (<var>origin</var>), a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑨">CredentialCreationOptions</a></code> (<var>options</var>), and a boolean which is <code>true</code> iff the
+  calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①②">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>).
+  The algorithm returns a <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential⑨">FederatedCredential</a></code> if one can be created, <code>null</code> otherwise, or an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception①①">exception</a> in exceptional circumstances:</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p class="assertion">Assert: <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-federated" id="ref-for-dom-credentialcreationoptions-federated">federated</a></code>"] <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#map-exists" id="ref-for-map-exists⑥">exists</a>, and <var>sameOriginWithAncestors</var> is unused.</p>
-     <li data-md="">
-      <p>Return the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit" id="ref-for-abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit①">Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code></a> on <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-federated" id="ref-for-dom-credentialcreationoptions-federated①">federated</a></code>"].</p>
+     <li data-md>
+      <p>Set <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-federated" id="ref-for-dom-credentialcreationoptions-federated①">federated</a></code>"]'s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialinit-origin" id="ref-for-dom-federatedcredentialinit-origin">origin</a></code> member’s value to <var>origin</var>’s value.</p>
+     <li data-md>
+      <p>Return the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit" id="ref-for-abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit①">Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code></a> on <var>options</var>["<code class="idl"><a data-link-type="idl" href="#dom-credentialcreationoptions-federated" id="ref-for-dom-credentialcreationoptions-federated②">federated</a></code>"].</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="FederatedCredential&apos;s [[Store]](credential, sameOriginWithAncestors)" data-level="4.2.3" id="store-federatedcredential"><span class="secno">4.2.3. </span><span class="content"> <code>FederatedCredential</code>'s <code>[[Store]](credential, sameOriginWithAncestors)</code> </span><a class="self-link" href="#store-federatedcredential"></a></h4>
-    <p><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="method" data-export="" id="dom-federatedcredential-store-slot"><code>[[Store]](credential, sameOriginWithAncestors)</code></dfn> is
+    <p><dfn class="dfn-paneled idl-code" data-dfn-for="FederatedCredential" data-dfn-type="method" data-export id="dom-federatedcredential-store-slot"><code>[[Store]](credential, sameOriginWithAncestors)</code></dfn> is
   called with a <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential①⓪">FederatedCredential</a></code> (<var>credential</var>), and a boolean which is <code>true</code> iff the
   calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①③">same-origin with its ancestors</a> (<var>sameOriginWithAncestors</var>). The algorithm
   returns <code>undefined</code> once <var>credential</var> is persisted to the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②①">credential store</a>.</p>
     <p>The algorithm will return a <code>NotAllowedError</code> if <var>sameOriginWithAncestors</var> is not <code>true</code>.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Return a "<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#notallowederror" id="ref-for-notallowederror③">NotAllowedError</a></code>" <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-DOMException" id="ref-for-idl-DOMException⑦">DOMException</a></code> without altering the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②②">credential store</a> if <var>sameOriginWithAncestors</var> is <code>false</code>.</p>
       <p class="note" role="note"><span>Note:</span> This restriction aims to address the concern raised in <a href="#security-origin-confusion">§6.4 Origin Confusion</a>.</p>
-     <li data-md="">
+     <li data-md>
       <p>If the user agent’s <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②③">credential store</a> contains a <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential①①">FederatedCredential</a></code> whose <code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑥">id</a></code> attribute is <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑦">id</a></code> and whose <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑦">[[origin]]</a></code> slot is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin④">same origin</a> as <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑧">[[origin]]</a></code>, and
   whose <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider④">provider</a></code> is <var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑤">provider</a></code>, then return.</p>
-     <li data-md="">
+     <li data-md>
       <p>If the user grants permission to store credentials (as discussed when defining <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated⑧">user mediation</a>), then store a <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential①②">FederatedCredential</a></code> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②④">credential store</a> with
   the following properties:</p>
       <dl>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑧">id</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑧">id</a></code>
+       <dd data-md>
         <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id⑨">id</a></code></p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑦">name</a></code>,
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑦">name</a></code>,
+       <dd data-md>
         <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑧">name</a></code></p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑦">iconURL</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑦">iconURL</a></code>
+       <dd data-md>
         <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑧">iconURL</a></code></p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑨">[[origin]]</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot⑨">[[origin]]</a></code>
+       <dd data-md>
         <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot①⓪">[[origin]]</a></code></p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑥">provider</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑥">provider</a></code>
+       <dd data-md>
         <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑦">provider</a></code></p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol②">protocol</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol②">protocol</a></code>
+       <dd data-md>
         <p><var>credential</var>’s <code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol③">protocol</a></code></p>
       </dl>
-     <li data-md="">
+     <li data-md>
       <p>Return <code>undefined</code>.</p>
     </ol>
     <h4 class="heading settled algorithm" data-algorithm="Create a FederatedCredential from FederatedCredentialInit" data-level="4.2.4" id="construct-federatedcredential-data"><span class="secno">4.2.4. </span><span class="content"> Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code> </span><a class="self-link" href="#construct-federatedcredential-data"></a></h4>
-    <p>To <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" id="abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit">Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code></dfn>, given a <code class="idl"><a data-link-type="idl" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit④">FederatedCredentialInit</a></code> (<var>init</var>), run these steps.</p>
+    <p>To <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit">Create a <code>FederatedCredential</code> from <code>FederatedCredentialInit</code></dfn>, given a <code class="idl"><a data-link-type="idl" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit④">FederatedCredentialInit</a></code> (<var>init</var>), run these steps.</p>
     <ol class="algorithm">
-     <li data-md="">
+     <li data-md>
       <p>Let <var>c</var> be a new <code class="idl"><a data-link-type="idl" href="#federatedcredential" id="ref-for-federatedcredential①③">FederatedCredential</a></code> object.</p>
-     <li data-md="">
+     <li data-md>
       <p>If any of the following are the empty string, return a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror⑤">TypeError</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-exception" id="ref-for-dfn-exception①②">exception</a>:</p>
       <ul>
-       <li data-md="">
+       <li data-md>
         <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialdata-id" id="ref-for-dom-credentialdata-id③">id</a></code>'s value</p>
-       <li data-md="">
+       <li data-md>
         <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialinit-provider" id="ref-for-dom-federatedcredentialinit-provider">provider</a></code>'s value</p>
       </ul>
-     <li data-md="">
+     <li data-md>
       <p>Set <var>c</var>’s properties as follows:</p>
       <dl>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id①⓪">id</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-id" id="ref-for-dom-credential-id①⓪">id</a></code>
+       <dd data-md>
         <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialdata-id" id="ref-for-dom-credentialdata-id④">id</a></code>'s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑧">provider</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑧">provider</a></code>
+       <dd data-md>
         <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialinit-provider" id="ref-for-dom-federatedcredentialinit-provider①">provider</a></code>'s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑨">iconURL</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl⑨">iconURL</a></code>
+       <dd data-md>
         <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl①⓪">iconURL</a></code>'s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑨">name</a></code>
-       <dd data-md="">
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name⑨">name</a></code>
+       <dd data-md>
         <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name①⓪">name</a></code>'s value</p>
-       <dt data-md=""><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot①①">[[origin]]</a></code>
-       <dd data-md="">
-        <p>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑥">origin</a> of the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object①⓪">current settings object</a>.</p>
+       <dt data-md><code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot①①">[[origin]]</a></code>
+       <dd data-md>
+        <p><var>init</var>.<code class="idl"><a data-link-type="idl" href="#dom-federatedcredentialinit-origin" id="ref-for-dom-federatedcredentialinit-origin①">origin</a></code>'s value.</p>
       </dl>
-     <li data-md="">
+     <li data-md>
       <p>Return <var>c</var>.</p>
     </ol>
    </section>
@@ -3014,7 +3059,7 @@ <h2 class="heading settled" data-level="5" id="user-mediation"><span class="secn
     <p>Exposing credential information to the web via an API has a number of potential impacts on user
   privacy. The user agent, therefore, MUST involve the user in a number of cases in order to ensure
   that they clearly understands what’s going on, and with whom their credentials are being shared.</p>
-    <p>We call a particular action <dfn class="dfn-paneled" data-dfn-type="dfn" data-export="" data-lt="user mediated|user mediation" id="user-mediated">user mediated</dfn> if
+    <p>We call a particular action <dfn class="dfn-paneled" data-dfn-type="dfn" data-export data-lt="user mediated|user mediation" id="user-mediated">user mediated</dfn> if
   it takes place after gaining a user’s explicit consent. Consent might be expressed through a
   user’s direct interaction with a <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser⑧">credential chooser</a> interface, for example. In general, <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated⑨">user
   mediated</a> actions will involve presenting the user some sort of UI, and asking them to make a
@@ -3031,7 +3076,7 @@ <h3 class="heading settled" data-level="5.1" id="user-mediated-storage"><span cl
   storage. Inadvertent credential storage could, for instance, unexpectedly link a user’s local
   profile on a particular device to a specific online persona. To mitigate the risk of surprise:</p>
     <ol>
-     <li data-md="">
+     <li data-md>
       <p>Credential information SHOULD NOT be stored or updated without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①⓪">user mediation</a>. For
   example, the user agent could display a "Save this credential?" dialog box to the user in
   response to each call to <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-store" id="ref-for-dom-credentialscontainer-store①②">store()</a></code>.</p>
@@ -3039,15 +3084,15 @@ <h3 class="heading settled" data-level="5.1" id="user-mediated-storage"><span cl
   in the form of an "Always save passwords" option (though we’d suggest that user agents should
   err on the side of something more narrowly scoped: perhaps "Always save _generated_
   passwords.", or "Always save passwords for this site.").</p>
-     <li data-md="">
+     <li data-md>
       <p>User agents SHOULD notify users when credentials are stored. This might take the form of an
   icon in the address bar, or some similar location.</p>
-     <li data-md="">
+     <li data-md>
       <p>User agents MUST allow users to manually remove stored credentials. This functionality might
   be implemented as a settings page, or via interaction with a notification as described above.</p>
     </ol>
     <h3 class="heading settled" data-level="5.2" id="user-mediation-requirement"><span class="secno">5.2. </span><span class="content">Requiring User Mediation</span><a class="self-link" href="#user-mediation-requirement"></a></h3>
-    <p>By default, <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①①">user mediation</a> is required for all <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑤">origins</a>, as the relevant <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag④">prevent silent
+    <p>By default, <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①①">user mediation</a> is required for all <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin①⓪">origins</a>, as the relevant <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag④">prevent silent
   access flag</a> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⑤">credential store</a> is set to <code>true</code>. Users MAY choose to grant an
   origin persistent access to credentials (perhaps in the form of a "Stay signed into this site."
   option), which would set this flag to <code>false</code>. In this case, the user would always be signed into
@@ -3056,34 +3101,34 @@ <h3 class="heading settled" data-level="5.2" id="user-mediation-requirement"><sp
   state across devices, for instance).</p>
     <p>To mitigate the risk of surprise:</p>
     <ol>
-     <li data-md="">
+     <li data-md>
       <p>User agents MUST allow users to require <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①②">user mediation</a> for a given origin or for all
   origins. This functionality might be implemented as a global toggle that overrides each
   origin’s <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag⑤"><code>prevent silent access</code> flag</a> to return <code>false</code>, or via more granular
   settings for specific origins (or specific credentials on specific origins).</p>
-     <li data-md="">
-      <p>User agents MUST NOT set an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑥">origin</a>'s <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag⑥"><code>prevent silent access</code> flag</a> to <code>false</code> without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①③">user mediation</a>. For example, the <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser⑨">credential chooser</a> described in <a href="#user-mediated-selection">§5.3 Credential Selection</a> could have a checkbox which the user could toggle to mark a
+     <li data-md>
+      <p>User agents MUST NOT set an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin①①">origin</a>'s <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag⑥"><code>prevent silent access</code> flag</a> to <code>false</code> without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①③">user mediation</a>. For example, the <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser⑨">credential chooser</a> described in <a href="#user-mediated-selection">§5.3 Credential Selection</a> could have a checkbox which the user could toggle to mark a
   credential as available without mediation for the origin, or the user agent could have an
   onboarding process for its credential manager which asked a user for a default setting.</p>
-     <li data-md="">
+     <li data-md>
       <p>User agents MUST notify users when credentials are provided to an origin. This could take the
   form of an icon in the address bar, or some similar location.</p>
-     <li data-md="">
+     <li data-md>
       <p>If a user clears her browsing data for an origin (cookies, localStorage, and so on), the user
   agent MUST set the <a data-link-type="dfn" href="#origin-prevent-silent-access-flag" id="ref-for-origin-prevent-silent-access-flag⑦"><code>prevent silent access</code> flag</a> to <code>true</code> for that origin.</p>
     </ol>
     <h3 class="heading settled" data-level="5.3" id="user-mediated-selection"><span class="secno">5.3. </span><span class="content">Credential Selection</span><a class="self-link" href="#user-mediated-selection"></a></h3>
     <p>When responding to a call to <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②⓪">get()</a></code> on an origin which requires <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①④">user mediation</a>, user agents MUST ask the user for permission to share credential information.
-  This SHOULD take the form of a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export="" id="credential-chooser">credential chooser</dfn> which presents the user with a
+  This SHOULD take the form of a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="credential-chooser">credential chooser</dfn> which presents the user with a
   list of credentials that are available for use on a site, allowing them to select one which should
   be provided to the website, or to reject the request entirely.</p>
     <p>The chooser interface SHOULD be implemented in such a way as to be distinguishable from UI which a
   website could produce. For example, the chooser might overlap the user agent’s UI in some
   unspoofable way.</p>
     <p>The chooser interface MUST include an indication of the origin which is requesting credentials.</p>
-    <p>The chooser interface SHOULD include all <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④③">Credential</a></code> objects associated with the origin that
+    <p>The chooser interface SHOULD include all <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⓪">Credential</a></code> objects associated with the origin that
   requested credentials.</p>
-    <p>User agents MAY internally associate information with each <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④④">Credential</a></code> object beyond the
+    <p>User agents MAY internally associate information with each <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤①">Credential</a></code> object beyond the
   attributes specified in this document in order to enhance the utility of such a chooser. For
   example, favicons could help disambiguate identity providers, etc. Any additional information
   stored MUST not be exposed directly to the web.</p>
@@ -3092,9 +3137,9 @@ <h3 class="heading settled" data-level="5.3" id="user-mediated-selection"><span
   process of choosing a credential to present. That said, the interface to the chooser is as
   follows:</p>
     <section class="algorithm" data-algorithm="ask the user to choose">
-      The user agent can <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export="" data-local-lt="ask to choose" data-lt="ask the user to choose a Credential" id="abstract-opdef-ask-the-user-to-choose-a-credential">ask the user to choose a <code>Credential</code></dfn>, given a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⑤">CredentialRequestOptions</a></code> (<var>options</var>), and a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑤">Credential</a></code> objects from the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⑥">credential store</a> (<var>locally discovered credentials</var>). 
+      The user agent can <dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export data-local-lt="ask to choose" data-lt="ask the user to choose a Credential" id="abstract-opdef-ask-the-user-to-choose-a-credential">ask the user to choose a <code>Credential</code></dfn>, given a <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⑤">CredentialRequestOptions</a></code> (<var>options</var>), and a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤②">Credential</a></code> objects from the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⑥">credential store</a> (<var>locally discovered credentials</var>). 
      <p>This algorithm returns either <code>null</code> if the user chose not to share a credential with the site,
-    a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑥">Credential</a></code> object if the user chose a specific credential, or a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑦">Credential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑦">interface
+    a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤③">Credential</a></code> object if the user chose a specific credential, or a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤④">Credential</a></code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑧">interface
     object</a> if the user chose a type of credential.</p>
      <div class="note" role="note">
        It seems reasonable for the chooser interface to display the list of <var>locally discovered
@@ -3123,18 +3168,18 @@ <h3 class="heading settled" data-level="6.1" id="security-credential-access"><sp
   web, however: consider sites which divide functionality into subdomains like <code>example.com</code> vs <code>admin.example.com</code>.</p>
     <p>As a compromise between annoying users, and securing their credentials, user agents:</p>
     <ol>
-     <li data-md="">
+     <li data-md>
       <p>MUST NOT share credentials between origins whose scheme components represent a downgrade in
   security. That is, it may make sense to allow credentials saved on <code>http://example.com/</code> to
   be made available to <code>https://example.com/</code> (in order to encourage developers to migrate to
   secure transport), but the inverse would be dangerous.</p>
-     <li data-md="">
+     <li data-md>
       <p>MAY use the Public Suffix List <a data-link-type="biblio" href="#biblio-psl">[PSL]</a> to determine the effective scope of a credential by
   comparing the <a data-link-type="dfn" href="https://publicsuffix.org/list/#" id="termref-for-">registerable domain</a> of the credential’s <code class="idl"><a data-link-type="idl" href="#dom-credential-origin-slot" id="ref-for-dom-credential-origin-slot①②">[[origin]]</a></code> with the
   origin in which <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②①">get()</a></code> is called. That is: credentials saved on <code>https://admin.example.com/</code> and <code>https://example.com/</code> MAY be offered to users when <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②②">get()</a></code> is called from <code>https://www.example.com/</code>, and vice versa.</p>
-     <li data-md="">
+     <li data-md>
       <p>MUST NOT offer credentials to an origin in response to <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②③">get()</a></code> without <a data-link-type="dfn" href="#user-mediated" id="ref-for-user-mediated①⑤">user mediation</a> if the credential’s origin is not an exact match for the calling origin.
-  That is, <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑧">Credential</a></code> objects for <code>https://example.com</code> would not be returned directly to <code>https://www.example.com</code>, but could be offered to the user via the chooser.</p>
+  That is, <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑤">Credential</a></code> objects for <code>https://example.com</code> would not be returned directly to <code>https://www.example.com</code>, but could be offered to the user via the chooser.</p>
     </ol>
     <h3 class="heading settled" data-level="6.2" id="security-leakage"><span class="secno">6.2. </span><span class="content">Credential Leakage</span><a class="self-link" href="#security-leakage"></a></h3>
     <p>Developers are well-advised to take
@@ -3142,14 +3187,14 @@ <h3 class="heading settled" data-level="6.2" id="security-leakage"><span class="
   persistent access to a user’s account by setting a reasonable Content Security Policy <a data-link-type="biblio" href="#biblio-csp">[CSP]</a> which restricts the endpoints to which data can be sent. In particular, developers should ensure
   that the following directives are set, explicitly or implicitly, in their pages' policies:</p>
     <ul>
-     <li data-md="">
+     <li data-md>
       <p><a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#script-src" id="ref-for-script-src"><code>script-src</code></a> and <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#object-src" id="ref-for-object-src"><code>object-src</code></a> both restrict script execution on a page, making
   it less likely that a cross-site scripting attack will succeed in the first place. If sites
   are populating <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/forms.html#the-form-element" id="ref-for-the-form-element②">form</a></code> elements, also <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#form-action" id="ref-for-form-action"><code>form-action</code></a> directives should be set.</p>
-     <li data-md="">
+     <li data-md>
       <p><a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#connect-src" id="ref-for-connect-src"><code>connect-src</code></a> restricts the origins to which <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#dom-global-fetch" id="ref-for-dom-global-fetch①">fetch()</a></code> may submit data (which
   mitigates the risk that credentials could be exfiltrated to <code>evil.com</code>.</p>
-     <li data-md="">
+     <li data-md>
       <p><a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#child-src" id="ref-for-child-src"><code>child-src</code></a> restricts the nested browsing contexts which may be embedded in a page,
   making it more difficult to inject a malicious <code>postMessage()</code> target. <a data-link-type="biblio" href="#biblio-webmessaging">[WEBMESSAGING]</a></p>
     </ul>
@@ -3172,8 +3217,8 @@ <h3 class="heading settled" data-level="6.4" id="security-origin-confusion"><spa
   credential types will be straightforward to make available if user agents put enough thought and
   context into their UI.</p>
     <p>Specific credential types, however, will be difficult to expose in those contexts without risk.
-  Those credential types are restricted via checks in their <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot①">[[Create]](options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot①">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot③">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot①">[[Store]](credential, sameOriginWithAncestors)</a></code> methods, as appropriate.</p>
-    <p>For example <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential②①">PasswordCredential</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-collectfromcredentialstore-slot" id="ref-for-dom-passwordcredential-collectfromcredentialstore-slot①">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code> method
+  Those credential types are restricted via checks in their <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot②">[[Create]](origin, options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot②">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot④">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot②">[[Store]](credential, sameOriginWithAncestors)</a></code> methods, as appropriate.</p>
+    <p>For example <code class="idl"><a data-link-type="idl" href="#passwordcredential" id="ref-for-passwordcredential②①">PasswordCredential</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-passwordcredential-collectfromcredentialstore-slot" id="ref-for-dom-passwordcredential-collectfromcredentialstore-slot①">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code> method
   will immedietely return an empty set if called from inside a <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#worker" id="ref-for-worker">Worker</a></code>, or a non-<a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context①">top-level
   browsing context</a>.</p>
     <h3 class="heading settled" data-level="6.5" id="security-timing"><span class="secno">6.5. </span><span class="content">Timing Attacks</span><a class="self-link" href="#security-timing"></a></h3>
@@ -3197,16 +3242,16 @@ <h3 class="heading settled" data-level="6.6" id="security-signout"><span class="
   for disabling automatic sign-in for a particular origin. This could be tied to the notification
   that credentials have been provided to an origin, for example.</p>
     <h3 class="heading settled" data-level="6.7" id="security-chooser-leakage"><span class="secno">6.7. </span><span class="content">Chooser Leakage</span><a class="self-link" href="#security-chooser-leakage"></a></h3>
-    <p>If a user agent’s <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser①⓪">credential chooser</a> displays images supplied by an origin (for example, if a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential④⑨">Credential</a></code> displays a site’s favicon), then, requests for these images MUST NOT be directly
+    <p>If a user agent’s <a data-link-type="dfn" href="#credential-chooser" id="ref-for-credential-chooser①⓪">credential chooser</a> displays images supplied by an origin (for example, if a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑥">Credential</a></code> displays a site’s favicon), then, requests for these images MUST NOT be directly
   tied to instantiating the chooser in order to avoid leaking chooser usage. One option would be to
-  fetch the images in the background when saving or updating a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⓪">Credential</a></code>, and to cache them for
-  the lifetime of the <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤①">Credential</a></code>.</p>
+  fetch the images in the background when saving or updating a <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑦">Credential</a></code>, and to cache them for
+  the lifetime of the <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑧">Credential</a></code>.</p>
     <p>These images MUST be fetched with the <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-credentials-mode" id="ref-for-concept-request-credentials-mode">credentials mode</a> set to "<code>omit</code>", the <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#request-service-workers-mode" id="ref-for-request-service-workers-mode">service-workers mode</a> set to "<code>none</code>", the <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-client" id="ref-for-concept-request-client">client</a> set to <code>null</code>, the <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-initiator" id="ref-for-concept-request-initiator">initiator</a> set to the empty string, and the <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-destination" id="ref-for-concept-request-destination">destination</a> "<code>subresource</code>".</p>
     <p>Moreover, if the user agent allows the user to change either the name or icon associated with the
   credential, the alterations to the data SHOULD NOT be exposed to the website (consider a user who
   names two credentials for an origin "My fake account" and "My real account", for instance).</p>
     <h3 class="heading settled" data-level="6.8" id="security-local-data"><span class="secno">6.8. </span><span class="content">Locally Stored Data</span><a class="self-link" href="#security-local-data"></a></h3>
-    <p>This API offers an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin⑦">origin</a> the ability to store data persistently along with a user’s profile.
+    <p>This API offers an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin①②">origin</a> the ability to store data persistently along with a user’s profile.
   Since most user agents treat credential data differently than "browsing data" (cookies, etc.)
   this might have the side effect of surprising a user who might believe that all traces of an
   origin have been wiped out when they clear their cookies.</p>
@@ -3221,19 +3266,19 @@ <h3 class="heading settled" data-level="7.1" id="implementation-authors"><span c
     <p class="issue" id="issue-84808a53"><a class="self-link" href="#issue-84808a53"></a> Add some thoughts here about when and how the API
   should be used, especially with regard to <code class="idl"><a data-link-type="idl" href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation①④">mediation</a></code>. <a href="https://github.com/w3c/webappsec/issues/290">&lt;https://github.com/w3c/webappsec/issues/290></a></p>
     <p class="issue" id="issue-19b3ffaf"><a class="self-link" href="#issue-19b3ffaf"></a> Describe encoding restrictions of submitting credentials by <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#dom-global-fetch" id="ref-for-dom-global-fetch②">fetch()</a></code> with
-  a <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata" id="ref-for-interface-formdata②">FormData</a></code> body.</p>
+  a <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata" id="ref-for-interface-formdata①">FormData</a></code> body.</p>
     <p>When performing feature detection for a given credential type, developers are encouraged to verify
-  that the relevant <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤②">Credential</a></code> specialization is present, rather than relying on the presence of <code>navigator.credentals</code>. The latter verifies the existence of the API itself, but does not ensure
+  that the relevant <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑨">Credential</a></code> specialization is present, rather than relying on the presence of <code>navigator.credentals</code>. The latter verifies the existence of the API itself, but does not ensure
   that the specific kind of credential necessary for a given site is supported. For example, if a
   given site requires passwords, checking <code>if (window.PasswordCredential)</code> is the most effective
   verification of support.</p>
     <h3 class="heading settled" data-level="7.2" id="implementation-extension"><span class="secno">7.2. </span><span class="content">Extension Points</span><a class="self-link" href="#implementation-extension"></a></h3>
     <p>This document provides a generic, high-level API that’s meant to be extended with specific types
-  of <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑥">credentials</a> that serve specific authentication needs. Doing so is, hopefully,
+  of <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑦">credentials</a> that serve specific authentication needs. Doing so is, hopefully,
   straightforward:</p>
     <ol>
-     <li data-md="">
-      <p>Define a new interface that inherits from <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤③">Credential</a></code>:</p>
+     <li data-md>
+      <p>Define a new interface that inherits from <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑥⓪">Credential</a></code>:</p>
       <div class="example" id="example-99055e03">
        <a class="self-link" href="#example-99055e03"></a> 
 <pre>[Exposed=Window,
@@ -3243,38 +3288,39 @@ <h3 class="heading settled" data-level="7.2" id="implementation-extension"><span
 };
 </pre>
       </div>
-     <li data-md="">
-      <p>Define appropriate <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot②">[[Create]](options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot②">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot④">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot②">[[Store]](credential, sameOriginWithAncestors)</a></code> methods on <code>ExampleCredential</code>'s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑧">interface object</a>. <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot③">[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</a></code> is appropriate for <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑦">credentials</a> that remain <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective③">effective</a> forever and
-  can therefore simply be copied out of the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⑧">credential store</a>, while <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot⑤">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code> is
-  appropriate for <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑧">credentials</a> that need to be re-generated from a <a data-link-type="dfn" href="#credential-source" id="ref-for-credential-source①">credential source</a>.</p>
-      <p>Long-running operations, like those in <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#publickeycredential" id="ref-for-publickeycredential">PublicKeyCredential</a></code>'s <code class="idl"><a data-link-type="idl">[[Create]](options, sameOriginWithAncestors)</a></code> and <code class="idl"><a data-link-type="idl">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a></code> operations are encouraged to use <code>options.signal</code> to allow developers to abort
+     <li data-md>
+      <p>Define appropriate <code class="idl"><a data-link-type="idl" href="#dom-credential-create-slot" id="ref-for-dom-credential-create-slot③">[[Create]](origin, options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot③">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot⑤">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-credential-store-slot" id="ref-for-dom-credential-store-slot③">[[Store]](credential, sameOriginWithAncestors)</a></code> methods on <code>ExampleCredential</code>'s <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑨">interface object</a>. <code class="idl"><a data-link-type="idl" href="#dom-credential-collectfromcredentialstore-slot" id="ref-for-dom-credential-collectfromcredentialstore-slot④">[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</a></code> is appropriate for <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑧">credentials</a> that remain <a data-link-type="dfn" href="#credential-effective" id="ref-for-credential-effective③">effective</a> forever and
+  can therefore simply be copied out of the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⑧">credential store</a>, while <code class="idl"><a data-link-type="idl" href="#dom-credential-discoverfromexternalsource-slot" id="ref-for-dom-credential-discoverfromexternalsource-slot⑥">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code> is appropriate for <a data-link-type="dfn" href="#concept-credential" id="ref-for-concept-credential①⑨">credentials</a> that need to be re-generated from a <a data-link-type="dfn" href="#credential-source" id="ref-for-credential-source①">credential source</a>.</p>
+      <p>Long-running operations, like those in <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#publickeycredential" id="ref-for-publickeycredential">PublicKeyCredential</a></code>'s <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#dom-publickeycredential-create-slot" id="ref-for-dom-publickeycredential-create-slot">[[Create]](origin, options, sameOriginWithAncestors)</a></code> and <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#dom-publickeycredential-discoverfromexternalsource-slot" id="ref-for-dom-publickeycredential-discoverfromexternalsource-slot">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a></code> operations are encouraged to use <code>options.signal</code> to allow developers to abort
   the operation. See <a href="https://dom.spec.whatwg.org/#abortcontroller-api-integration">DOM §3.3 Using AbortController and AbortSignal objects in APIs</a> for detailed instructions.</p>
-      <div class="example" id="example-7780cf3b">
-       <a class="self-link" href="#example-7780cf3b"></a> <code>ExampleCredential</code>'s <code>[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</code> internal method is called with a CredentialRequestOptions object (<code>options</code>), and a boolean
-    which is <code>true</code> iff the calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①④">same-origin with its ancestors</a>. The algorithm
-    returns a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤④">Credential</a></code> objects that match the options provided. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑤">Credential</a></code> objects are available, the returned set will be empty. 
+      <div class="example" id="example-aa966077">
+       <a class="self-link" href="#example-aa966077"></a> <code>ExampleCredential</code>'s <code>[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</code> internal method is called
+    with an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin⑨">origin</a> (<code>origin</code>), a CredentialRequestOptions
+    object (<code>options</code>), and a boolean which is <code>true</code> iff the calling context is <a data-link-type="dfn" href="#same-origin-with-its-ancestors" id="ref-for-same-origin-with-its-ancestors①④">same-origin with its ancestors</a>.
+    The algorithm returns a set of <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑥①">Credential</a></code> objects that match the options provided. If no matching <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑥②">Credential</a></code> objects are
+    available, the returned set will be empty. 
        <ol>
-        <li data-md="">
+        <li data-md>
          <p class="assertion">Assert: <code>options</code>[<code>example</code>] exists.</p>
-        <li data-md="">
+        <li data-md>
          <p>If <code>options</code>[<code>example</code>] is not truthy, return the empty set.</p>
-        <li data-md="">
+        <li data-md>
          <p>For each <i>credential</i> in the <a data-link-type="dfn" href="#concept-credential-store" id="ref-for-concept-credential-store②⑨">credential store</a>:</p>
          <ol>
-          <li data-md="">
+          <li data-md>
            <p>...</p>
          </ol>
        </ol>
       </div>
-     <li data-md="">
-      <p>Define the value of the <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object①⑨">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot⑤">[[type]]</a></code> slot:</p>
-      <div class="example" id="example-b9aa85d8"><a class="self-link" href="#example-b9aa85d8"></a> The <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②⓪">interface object</a> has an internal slot named <code>[[type]]</code> whose
+     <li data-md>
+      <p>Define the value of the <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②⓪">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-type-slot" id="ref-for-dom-credential-type-slot⑤">[[type]]</a></code> slot:</p>
+      <div class="example" id="example-b9aa85d8"><a class="self-link" href="#example-b9aa85d8"></a> The <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②①">interface object</a> has an internal slot named <code>[[type]]</code> whose
     value is the string "<code>example</code>". </div>
-     <li data-md="">
-      <p>Define the value of the <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②①">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot③">[[discovery]]</a></code> slot:</p>
-      <div class="example" id="example-1ee7dd92"><a class="self-link" href="#example-1ee7dd92"></a> The <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②②">interface object</a> has an internal slot named <code>[[type]]</code> whose
+     <li data-md>
+      <p>Define the value of the <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②②">interface object</a>'s <code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-slot" id="ref-for-dom-credential-discovery-slot③">[[discovery]]</a></code> slot:</p>
+      <div class="example" id="example-1ee7dd92"><a class="self-link" href="#example-1ee7dd92"></a> The <code>ExampleCredential</code> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-interface-object" id="ref-for-dfn-interface-object②③">interface object</a> has an internal slot named <code>[[type]]</code> whose
     value is "<code class="idl"><a data-link-type="idl" href="#dom-credential-discovery-credential-store" id="ref-for-dom-credential-discovery-credential-store③">credential store</a></code>". </div>
-     <li data-md="">
+     <li data-md>
       <p>Extend <code class="idl"><a data-link-type="idl" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⑥">CredentialRequestOptions</a></code> with the options the new credential type needs to respond
   reasonably to <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②⑤">get()</a></code>:</p>
       <div class="example" id="example-b76ecbfb">
@@ -3288,7 +3334,7 @@ <h3 class="heading settled" data-level="7.2" id="implementation-extension"><span
 };
 </pre>
       </div>
-     <li data-md="">
+     <li data-md>
       <p>Extend <code class="idl"><a data-link-type="idl" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions①⓪">CredentialCreationOptions</a></code> with the data the new credential type needs to create <code>Credential</code> objects in response to <code class="idl"><a data-link-type="idl" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create⑦">create()</a></code>:</p>
       <div class="example" id="example-a3c18cc7">
        <a class="self-link" href="#example-a3c18cc7"></a> 
@@ -3303,7 +3349,7 @@ <h3 class="heading settled" data-level="7.2" id="implementation-extension"><span
       </div>
     </ol>
     <p>You might also find that new primitives are necessary. For instance, you might want to return
-  many <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑤⑥">Credential</a></code> objects rather than just one in some sort of complicated, multi-factor
+  many <code class="idl"><a data-link-type="idl" href="#credential" id="ref-for-credential⑥③">Credential</a></code> objects rather than just one in some sort of complicated, multi-factor
   sign-in process. That might be accomplished in a generic fashion by adding a <code>getAll()</code> method to <code class="idl"><a data-link-type="idl" href="#credentialscontainer" id="ref-for-credentialscontainer⑥">CredentialsContainer</a></code> which returned a <code>sequence&lt;Credential></code>, and defining a reasonable
   mechanism for dealing with requesting credentials of distinct types.</p>
     <p>For any such extension, we recommend getting in touch with <a href="mailto:public-webappsec@w3.org">public-webappsec@</a> for consultation and review.</p>
@@ -3376,9 +3422,9 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <li><a href="#abstract-opdef-ask-the-user-to-choose-a-credential">ask to choose</a><span>, in §5.3</span>
    <li><a href="#abstract-opdef-collect-credentials-from-the-credential-store">collect Credentials from the credential store</a><span>, in §2.5.2</span>
    <li>
-    [[CollectFromCredentialStore]](options, sameOriginWithAncestors)
+    [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)
     <ul>
-     <li><a href="#dom-credential-collectfromcredentialstore-slot">method for Credential</a><span>, in §2.2.1</span>
+     <li><a href="#dom-credential-collectfromcredentialstore-slot">method for Credential</a><span>, in §2.2.1.1</span>
      <li><a href="#dom-federatedcredential-collectfromcredentialstore-slot">method for FederatedCredential</a><span>, in §4.2.1</span>
      <li><a href="#dom-passwordcredential-collectfromcredentialstore-slot">method for PasswordCredential</a><span>, in §3.3.1</span>
     </ul>
@@ -3390,15 +3436,14 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <li><a href="#abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata">Create a PasswordCredential from PasswordCredentialData</a><span>, in §3.3.5</span>
    <li><a href="#dom-credentialscontainer-create">create(options)</a><span>, in §2.3</span>
    <li>
-    [[Create]](options, sameOriginWithAncestors)
+    [[Create]](origin, options, sameOriginWithAncestors)
     <ul>
-     <li><a href="#dom-credential-create-slot">method for Credential</a><span>, in §2.2.1</span>
+     <li><a href="#dom-credential-create-slot">method for Credential</a><span>, in §2.2.1.4</span>
      <li><a href="#dom-federatedcredential-create-slot">method for FederatedCredential</a><span>, in §4.2.2</span>
      <li><a href="#dom-passwordcredential-create-slot">method for PasswordCredential</a><span>, in §3.3.2</span>
     </ul>
    <li><a href="#credential">Credential</a><span>, in §2.2</span>
    <li><a href="#concept-credential">credential</a><span>, in §2</span>
-   <li><a href="#typedefdef-credentialbodytype">CredentialBodyType</a><span>, in §3.2</span>
    <li><a href="#credential-chooser">credential chooser</a><span>, in §5.3</span>
    <li><a href="#dictdef-credentialcreationoptions">CredentialCreationOptions</a><span>, in §2.4</span>
    <li><a href="#dictdef-credentialdata">CredentialData</a><span>, in §2.3</span>
@@ -3413,8 +3458,9 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
      <li><a href="#concept-credential-store">definition of</a><span>, in §2.1</span>
      <li><a href="#dom-credential-discovery-credential-store">enum-value for Credential/[[discovery]]</a><span>, in §2.2</span>
     </ul>
+   <li><a href="#credential-credential-type">credential type</a><span>, in §2.2</span>
    <li><a href="#credentialuserdata">CredentialUserData</a><span>, in §2.2.2</span>
-   <li><a href="#dom-credential-discoverfromexternalsource-slot">[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</a><span>, in §2.2.1</span>
+   <li><a href="#dom-credential-discoverfromexternalsource-slot">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</a><span>, in §2.2.1.2</span>
    <li><a href="#dom-credential-discovery-slot">[[discovery]]</a><span>, in §2.2</span>
    <li><a href="#credential-effective">effective</a><span>, in §2</span>
    <li>
@@ -3454,6 +3500,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
      <li><a href="#dom-passwordcredentialdata-name">dict-member for PasswordCredentialData</a><span>, in §3.2</span>
     </ul>
    <li><a href="#dom-credentialmediationrequirement-optional">optional</a><span>, in §2.3.2</span>
+   <li>
+    origin
+    <ul>
+     <li><a href="#dom-federatedcredentialinit-origin">dict-member for FederatedCredentialInit</a><span>, in §4.1</span>
+     <li><a href="#dom-passwordcredentialdata-origin">dict-member for PasswordCredentialData</a><span>, in §3.2</span>
+    </ul>
    <li><a href="#dom-credential-origin-slot">[[origin]]</a><span>, in §2.2</span>
    <li><a href="#credential-origin-bound">origin bound</a><span>, in §2.2</span>
    <li>
@@ -3470,8 +3522,8 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <li><a href="#dictdef-passwordcredentialdata">PasswordCredentialData</a><span>, in §3.2</span>
    <li><a href="#dom-passwordcredential-passwordcredential">PasswordCredential(form)</a><span>, in §3.2</span>
    <li><a href="#typedefdef-passwordcredentialinit">PasswordCredentialInit</a><span>, in §3.2</span>
-   <li><a href="#abstract-opdef-prevent-silent-access">Prevent Silent Access</a><span>, in §2.5.5</span>
    <li><a href="#dom-credentialscontainer-preventsilentaccess">preventSilentAccess()</a><span>, in §2.3</span>
+   <li><a href="#abstract-opdef-prevent-silent-access">Prevent Silent Access</a><span>, in §2.5.5</span>
    <li><a href="#origin-prevent-silent-access-flag">prevent silent access flag</a><span>, in §2.1</span>
    <li>
     protocol
@@ -3508,7 +3560,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <li>
     [[Store]](credential, sameOriginWithAncestors)
     <ul>
-     <li><a href="#dom-credential-store-slot">method for Credential</a><span>, in §2.2.1</span>
+     <li><a href="#dom-credential-store-slot">method for Credential</a><span>, in §2.2.1.3</span>
      <li><a href="#dom-federatedcredential-store-slot">method for FederatedCredential</a><span>, in §4.2.3</span>
      <li><a href="#dom-passwordcredential-store-slot">method for PasswordCredential</a><span>, in §3.3.3</span>
     </ul>
@@ -3574,6 +3626,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     Create a PasswordCredential from an HTMLFormElement </a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-sec-ordinary-object-internal-methods-and-internal-slots">
+   <a href="https://tc39.github.io/ecma262/#sec-ordinary-object-internal-methods-and-internal-slots">https://tc39.github.io/ecma262/#sec-ordinary-object-internal-methods-and-internal-slots</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-sec-ordinary-object-internal-methods-and-internal-slots">2.2.1. Credential Internal Methods</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-response">
    <a href="https://fetch.spec.whatwg.org/#response">https://fetch.spec.whatwg.org/#response</a><b>Referenced in:</b>
    <ul>
@@ -3626,7 +3684,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-htmlformelement①">3.1.3. Change Password</a>
     <li><a href="#ref-for-htmlformelement②">3.2. The PasswordCredential Interface</a> <a href="#ref-for-htmlformelement③">(2)</a> <a href="#ref-for-htmlformelement④">(3)</a> <a href="#ref-for-htmlformelement⑤">(4)</a>
     <li><a href="#ref-for-htmlformelement⑥">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-htmlformelement⑦">(2)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-htmlformelement⑦">(2)</a>
     <li><a href="#ref-for-htmlformelement⑧">3.3.4. 
     Create a PasswordCredential from an HTMLFormElement </a>
    </ul>
@@ -3677,17 +3735,10 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <ul>
     <li><a href="#ref-for-current-settings-object">2.3. navigator.credentials</a>
     <li><a href="#ref-for-current-settings-object①">2.3.1. The CredentialRequestOptions Dictionary</a>
-    <li><a href="#ref-for-current-settings-object②">2.5.1. Request a Credential</a>
-    <li><a href="#ref-for-current-settings-object③">2.5.3. Store a Credential</a> <a href="#ref-for-current-settings-object④">(2)</a>
-    <li><a href="#ref-for-current-settings-object⑤">2.5.4. Create a Credential</a> <a href="#ref-for-current-settings-object⑥">(2)</a>
-    <li><a href="#ref-for-current-settings-object⑦">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
-    <li><a href="#ref-for-current-settings-object⑧">3.3.5. 
-    Create a PasswordCredential from PasswordCredentialData </a>
-    <li><a href="#ref-for-current-settings-object⑨">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
-    <li><a href="#ref-for-current-settings-object①⓪">4.2.4. 
-    Create a FederatedCredential from FederatedCredentialInit </a>
+    <li><a href="#ref-for-current-settings-object②">2.5.1. Request a Credential</a> <a href="#ref-for-current-settings-object③">(2)</a>
+    <li><a href="#ref-for-current-settings-object④">2.5.3. Store a Credential</a> <a href="#ref-for-current-settings-object⑤">(2)</a>
+    <li><a href="#ref-for-current-settings-object⑥">2.5.4. Create a Credential</a> <a href="#ref-for-current-settings-object⑦">(2)</a>
+    <li><a href="#ref-for-current-settings-object⑧">3.2. The PasswordCredential Interface</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-attr-fe-autocomplete-current-password">
@@ -3698,11 +3749,20 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     Create a PasswordCredential from an HTMLFormElement </a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-dom-manipulation-task-source">
+   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#dom-manipulation-task-source">https://html.spec.whatwg.org/multipage/webappapis.html#dom-manipulation-task-source</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-manipulation-task-source">2.5.4. Create a Credential</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-environment-settings-object">
    <a href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object">https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object</a><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-environment-settings-object">2.1. Infrastructure</a>
-    <li><a href="#ref-for-environment-settings-object①">2.2.1. Credential Internal Methods</a> <a href="#ref-for-environment-settings-object②">(2)</a> <a href="#ref-for-environment-settings-object③">(3)</a> <a href="#ref-for-environment-settings-object④">(4)</a>
+    <li><a href="#ref-for-environment-settings-object①">2.2.1.1. [[CollectFromCredentialStore]] internal method</a>
+    <li><a href="#ref-for-environment-settings-object②">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-environment-settings-object③">2.2.1.3. [[Store]] internal method</a>
+    <li><a href="#ref-for-environment-settings-object④">2.2.1.4. [[Create]] internal method</a>
     <li><a href="#ref-for-environment-settings-object⑤">2.5.5. Prevent Silent Access</a>
    </ul>
   </aside>
@@ -3723,16 +3783,21 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
   <aside class="dfn-panel" data-for="term-for-concept-settings-object-global">
    <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global">https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global</a><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-concept-settings-object-global">2.3.1. The CredentialRequestOptions Dictionary</a>
+    <li><a href="#ref-for-concept-settings-object-global">2.2.1.4. [[Create]] internal method</a>
+    <li><a href="#ref-for-concept-settings-object-global①">2.3.1. The CredentialRequestOptions Dictionary</a>
+    <li><a href="#ref-for-concept-settings-object-global②">2.5.4. Create a Credential</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-in-parallel">
    <a href="https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel">https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel</a><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-in-parallel">2.5.1. Request a Credential</a>
-    <li><a href="#ref-for-in-parallel①">2.5.3. Store a Credential</a>
-    <li><a href="#ref-for-in-parallel②">2.5.4. Create a Credential</a>
-    <li><a href="#ref-for-in-parallel③">2.5.5. Prevent Silent Access</a>
+    <li><a href="#ref-for-in-parallel">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-in-parallel①">2.2.1.3. [[Store]] internal method</a>
+    <li><a href="#ref-for-in-parallel②">2.2.1.4. [[Create]] internal method</a>
+    <li><a href="#ref-for-in-parallel③">2.5.1. Request a Credential</a>
+    <li><a href="#ref-for-in-parallel④">2.5.3. Store a Credential</a>
+    <li><a href="#ref-for-in-parallel⑤">2.5.4. Create a Credential</a>
+    <li><a href="#ref-for-in-parallel⑥">2.5.5. Prevent Silent Access</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-attr-fe-name">
@@ -3761,16 +3826,15 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin">https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin</a><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-concept-settings-object-origin">2.1. Infrastructure</a>
-    <li><a href="#ref-for-concept-settings-object-origin①">2.5.1. Request a Credential</a>
-    <li><a href="#ref-for-concept-settings-object-origin②">2.5.5. Prevent Silent Access</a>
-    <li><a href="#ref-for-concept-settings-object-origin③">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
-    <li><a href="#ref-for-concept-settings-object-origin④">3.3.5. 
-    Create a PasswordCredential from PasswordCredentialData </a>
-    <li><a href="#ref-for-concept-settings-object-origin⑤">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
-    <li><a href="#ref-for-concept-settings-object-origin⑥">4.2.4. 
-    Create a FederatedCredential from FederatedCredentialInit </a>
+    <li><a href="#ref-for-concept-settings-object-origin①">2.2.1.1. [[CollectFromCredentialStore]] internal method</a>
+    <li><a href="#ref-for-concept-settings-object-origin②">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-concept-settings-object-origin③">2.2.1.4. [[Create]] internal method</a>
+    <li><a href="#ref-for-concept-settings-object-origin④">2.5.1. Request a Credential</a>
+    <li><a href="#ref-for-concept-settings-object-origin⑤">2.5.2. Collect Credentials from the credential store</a>
+    <li><a href="#ref-for-concept-settings-object-origin⑥">2.5.4. Create a Credential</a>
+    <li><a href="#ref-for-concept-settings-object-origin⑦">2.5.5. Prevent Silent Access</a>
+    <li><a href="#ref-for-concept-settings-object-origin⑧">3.2. The PasswordCredential Interface</a>
+    <li><a href="#ref-for-concept-settings-object-origin⑨">7.2. Extension Points</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-parent-browsing-context">
@@ -3786,6 +3850,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     Create a PasswordCredential from an HTMLFormElement </a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-queue-a-task">
+   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task">https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-queue-a-task">2.5.4. Create a Credential</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-concept-relevant-realm">
    <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-realm">https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-realm</a><b>Referenced in:</b>
    <ul>
@@ -3809,11 +3879,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <ul>
     <li><a href="#ref-for-same-origin">2.1. Infrastructure</a>
     <li><a href="#ref-for-same-origin①">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin②">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin③">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin④">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a>
    </ul>
@@ -3832,6 +3902,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     Create a PasswordCredential from an HTMLFormElement </a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-concept-task">
+   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-task">https://html.spec.whatwg.org/multipage/webappapis.html#concept-task</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-concept-task">2.2.1.4. [[Create]] internal method</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-top-level-browsing-context">
    <a href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context">https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context</a><b>Referenced in:</b>
    <ul>
@@ -3866,7 +3942,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <ul>
     <li><a href="#ref-for-list-contain">2.3.1. The CredentialRequestOptions Dictionary</a>
     <li><a href="#ref-for-list-contain①">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-list-contain②">(2)</a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-list-contain②">(2)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-iteration-continue">
@@ -3880,13 +3956,19 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <ul>
     <li><a href="#ref-for-map-exists">2.3.1. The CredentialRequestOptions Dictionary</a>
     <li><a href="#ref-for-map-exists①">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-map-exists②">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-map-exists③">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-map-exists④">(2)</a> <a href="#ref-for-map-exists⑤">(3)</a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-map-exists④">(2)</a> <a href="#ref-for-map-exists⑤">(3)</a>
     <li><a href="#ref-for-map-exists⑥">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-ordered-set">
+   <a href="https://infra.spec.whatwg.org/#ordered-set">https://infra.spec.whatwg.org/#ordered-set</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-ordered-set">2.5.4. Create a Credential</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-list-size">
@@ -3919,6 +4001,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-a-promise-rejected-with①">2.5.4. Create a Credential</a> <a href="#ref-for-a-promise-rejected-with②">(2)</a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-promise-calling">
+   <a href="https://www.w3.org/2001/tag/doc/promises-guide/#promise-calling">https://www.w3.org/2001/tag/doc/promises-guide/#promise-calling</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-promise-calling">2.5.4. Create a Credential</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-reject-promise">
    <a href="https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise">https://www.w3.org/2001/tag/doc/promises-guide/#reject-promise</a><b>Referenced in:</b>
    <ul>
@@ -3932,8 +4020,8 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <ul>
     <li><a href="#ref-for-resolve-promise">2.5.1. Request a Credential</a> <a href="#ref-for-resolve-promise①">(2)</a>
     <li><a href="#ref-for-resolve-promise②">2.5.3. Store a Credential</a>
-    <li><a href="#ref-for-resolve-promise③">2.5.4. Create a Credential</a>
-    <li><a href="#ref-for-resolve-promise④">2.5.5. Prevent Silent Access</a>
+    <li><a href="#ref-for-resolve-promise③">2.5.4. Create a Credential</a> <a href="#ref-for-resolve-promise④">(2)</a>
+    <li><a href="#ref-for-resolve-promise⑤">2.5.5. Prevent Silent Access</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-">
@@ -3952,18 +4040,24 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-secure-contexts④">6.3. Insecure Sites</a> <a href="#ref-for-secure-contexts⑤">(2)</a>
    </ul>
   </aside>
-  <aside class="dfn-panel" data-for="term-for-urlsearchparams">
-   <a href="https://url.spec.whatwg.org/#urlsearchparams">https://url.spec.whatwg.org/#urlsearchparams</a><b>Referenced in:</b>
-   <ul>
-    <li><a href="#ref-for-urlsearchparams">3.2. The PasswordCredential Interface</a>
-   </ul>
-  </aside>
   <aside class="dfn-panel" data-for="term-for-publickeycredential">
    <a href="https://w3c.github.io/webauthn/#publickeycredential">https://w3c.github.io/webauthn/#publickeycredential</a><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-publickeycredential">7.2. Extension Points</a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-dom-publickeycredential-create-slot">
+   <a href="https://w3c.github.io/webauthn/#dom-publickeycredential-create-slot">https://w3c.github.io/webauthn/#dom-publickeycredential-create-slot</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-publickeycredential-create-slot">7.2. Extension Points</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-dom-publickeycredential-discoverfromexternalsource-slot">
+   <a href="https://w3c.github.io/webauthn/#dom-publickeycredential-discoverfromexternalsource-slot">https://w3c.github.io/webauthn/#dom-publickeycredential-discoverfromexternalsource-slot</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-publickeycredential-discoverfromexternalsource-slot">7.2. Extension Points</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-aborterror">
    <a href="https://heycam.github.io/webidl/#aborterror">https://heycam.github.io/webidl/#aborterror</a><b>Referenced in:</b>
    <ul>
@@ -3981,11 +4075,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-idl-DOMException②">2.5.1. Request a Credential</a>
     <li><a href="#ref-for-idl-DOMException③">2.5.4. Create a Credential</a>
     <li><a href="#ref-for-idl-DOMException④">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-idl-DOMException⑤">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-idl-DOMException⑥">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-idl-DOMException⑦">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a>
    </ul>
@@ -4010,11 +4104,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <a href="https://heycam.github.io/webidl/#notallowederror">https://heycam.github.io/webidl/#notallowederror</a><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-notallowederror">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-notallowederror①">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-notallowederror②">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-notallowederror③">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a>
    </ul>
@@ -4047,9 +4141,10 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
   <aside class="dfn-panel" data-for="term-for-exceptiondef-typeerror">
    <a href="https://heycam.github.io/webidl/#exceptiondef-typeerror">https://heycam.github.io/webidl/#exceptiondef-typeerror</a><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-exceptiondef-typeerror">2.2.1. Credential Internal Methods</a> <a href="#ref-for-exceptiondef-typeerror①">(2)</a>
+    <li><a href="#ref-for-exceptiondef-typeerror">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-exceptiondef-typeerror①">2.2.1.4. [[Create]] internal method</a>
     <li><a href="#ref-for-exceptiondef-typeerror②">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-exceptiondef-typeerror③">(2)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-exceptiondef-typeerror③">(2)</a>
     <li><a href="#ref-for-exceptiondef-typeerror④">3.3.5. 
     Create a PasswordCredential from PasswordCredentialData </a>
     <li><a href="#ref-for-exceptiondef-typeerror⑤">4.2.4. 
@@ -4062,8 +4157,8 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-idl-USVString">2.2. The Credential Interface</a> <a href="#ref-for-idl-USVString①">(2)</a>
     <li><a href="#ref-for-idl-USVString②">2.2.2. CredentialUserData Mixin</a> <a href="#ref-for-idl-USVString③">(2)</a> <a href="#ref-for-idl-USVString④">(3)</a> <a href="#ref-for-idl-USVString⑤">(4)</a>
     <li><a href="#ref-for-idl-USVString⑥">2.3. navigator.credentials</a>
-    <li><a href="#ref-for-idl-USVString⑦">3.2. The PasswordCredential Interface</a> <a href="#ref-for-idl-USVString⑧">(2)</a> <a href="#ref-for-idl-USVString⑨">(3)</a> <a href="#ref-for-idl-USVString①⓪">(4)</a> <a href="#ref-for-idl-USVString①①">(5)</a>
-    <li><a href="#ref-for-idl-USVString①②">4.1. The FederatedCredential Interface</a> <a href="#ref-for-idl-USVString①③">(2)</a> <a href="#ref-for-idl-USVString①④">(3)</a> <a href="#ref-for-idl-USVString①⑤">(4)</a> <a href="#ref-for-idl-USVString①⑥">(5)</a> <a href="#ref-for-idl-USVString①⑦">(6)</a>
+    <li><a href="#ref-for-idl-USVString⑦">3.2. The PasswordCredential Interface</a> <a href="#ref-for-idl-USVString⑧">(2)</a> <a href="#ref-for-idl-USVString⑨">(3)</a> <a href="#ref-for-idl-USVString①⓪">(4)</a> <a href="#ref-for-idl-USVString①①">(5)</a> <a href="#ref-for-idl-USVString①②">(6)</a>
+    <li><a href="#ref-for-idl-USVString①③">4.1. The FederatedCredential Interface</a> <a href="#ref-for-idl-USVString①④">(2)</a> <a href="#ref-for-idl-USVString①⑤">(3)</a> <a href="#ref-for-idl-USVString①⑥">(4)</a> <a href="#ref-for-idl-USVString①⑦">(5)</a> <a href="#ref-for-idl-USVString①⑧">(6)</a> <a href="#ref-for-idl-USVString①⑨">(7)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-idl-boolean">
@@ -4081,14 +4176,14 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-dfn-exception③">2.5.4. Create a Credential</a>
     <li><a href="#ref-for-dfn-exception④">3.2. The PasswordCredential Interface</a> <a href="#ref-for-dfn-exception⑤">(2)</a>
     <li><a href="#ref-for-dfn-exception⑥">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dfn-exception⑦">(2)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dfn-exception⑦">(2)</a>
     <li><a href="#ref-for-dfn-exception⑧">3.3.4. 
     Create a PasswordCredential from an HTMLFormElement </a>
     <li><a href="#ref-for-dfn-exception⑨">3.3.5. 
     Create a PasswordCredential from PasswordCredentialData </a>
     <li><a href="#ref-for-dfn-exception①⓪">4.1. The FederatedCredential Interface</a>
     <li><a href="#ref-for-dfn-exception①①">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dfn-exception①②">4.2.4. 
     Create a FederatedCredential from FederatedCredentialInit </a>
    </ul>
@@ -4097,7 +4192,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <a href="https://heycam.github.io/webidl/#dfn-inherit">https://heycam.github.io/webidl/#dfn-inherit</a><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dfn-inherit">2. Core API</a>
-    <li><a href="#ref-for-dfn-inherit①">2.2.1. Credential Internal Methods</a> <a href="#ref-for-dfn-inherit②">(2)</a>
+    <li><a href="#ref-for-dfn-inherit①">2.2.1. Credential Internal Methods</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-dfn-inherited-interfaces">
@@ -4106,25 +4201,20 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-dfn-inherited-interfaces">2.3.1. The CredentialRequestOptions Dictionary</a>
    </ul>
   </aside>
-  <aside class="dfn-panel" data-for="term-for-dfn-interface">
-   <a href="https://heycam.github.io/webidl/#dfn-interface">https://heycam.github.io/webidl/#dfn-interface</a><b>Referenced in:</b>
-   <ul>
-    <li><a href="#ref-for-dfn-interface">2.2.1. Credential Internal Methods</a>
-   </ul>
-  </aside>
   <aside class="dfn-panel" data-for="term-for-dfn-interface-object">
    <a href="https://heycam.github.io/webidl/#dfn-interface-object">https://heycam.github.io/webidl/#dfn-interface-object</a><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dfn-interface-object">2.2. The Credential Interface</a> <a href="#ref-for-dfn-interface-object①">(2)</a> <a href="#ref-for-dfn-interface-object②">(3)</a> <a href="#ref-for-dfn-interface-object③">(4)</a>
     <li><a href="#ref-for-dfn-interface-object④">2.2.1. Credential Internal Methods</a> <a href="#ref-for-dfn-interface-object⑤">(2)</a>
-    <li><a href="#ref-for-dfn-interface-object⑥">2.3.1. The CredentialRequestOptions Dictionary</a> <a href="#ref-for-dfn-interface-object⑦">(2)</a>
-    <li><a href="#ref-for-dfn-interface-object⑧">2.5.1. Request a Credential</a>
-    <li><a href="#ref-for-dfn-interface-object⑨">2.5.2. Collect Credentials from the credential store</a>
-    <li><a href="#ref-for-dfn-interface-object①⓪">2.5.3. Store a Credential</a>
-    <li><a href="#ref-for-dfn-interface-object①①">3.2. The PasswordCredential Interface</a> <a href="#ref-for-dfn-interface-object①②">(2)</a> <a href="#ref-for-dfn-interface-object①③">(3)</a>
-    <li><a href="#ref-for-dfn-interface-object①④">4.1. The FederatedCredential Interface</a> <a href="#ref-for-dfn-interface-object①⑤">(2)</a> <a href="#ref-for-dfn-interface-object①⑥">(3)</a>
-    <li><a href="#ref-for-dfn-interface-object①⑦">5.3. Credential Selection</a>
-    <li><a href="#ref-for-dfn-interface-object①⑧">7.2. Extension Points</a> <a href="#ref-for-dfn-interface-object①⑨">(2)</a> <a href="#ref-for-dfn-interface-object②⓪">(3)</a> <a href="#ref-for-dfn-interface-object②①">(4)</a> <a href="#ref-for-dfn-interface-object②②">(5)</a>
+    <li><a href="#ref-for-dfn-interface-object⑥">2.2.1.4. [[Create]] internal method</a>
+    <li><a href="#ref-for-dfn-interface-object⑦">2.3.1. The CredentialRequestOptions Dictionary</a> <a href="#ref-for-dfn-interface-object⑧">(2)</a>
+    <li><a href="#ref-for-dfn-interface-object⑨">2.5.1. Request a Credential</a>
+    <li><a href="#ref-for-dfn-interface-object①⓪">2.5.2. Collect Credentials from the credential store</a>
+    <li><a href="#ref-for-dfn-interface-object①①">2.5.3. Store a Credential</a>
+    <li><a href="#ref-for-dfn-interface-object①②">3.2. The PasswordCredential Interface</a> <a href="#ref-for-dfn-interface-object①③">(2)</a> <a href="#ref-for-dfn-interface-object①④">(3)</a>
+    <li><a href="#ref-for-dfn-interface-object①⑤">4.1. The FederatedCredential Interface</a> <a href="#ref-for-dfn-interface-object①⑥">(2)</a> <a href="#ref-for-dfn-interface-object①⑦">(3)</a>
+    <li><a href="#ref-for-dfn-interface-object①⑧">5.3. Credential Selection</a>
+    <li><a href="#ref-for-dfn-interface-object①⑨">7.2. Extension Points</a> <a href="#ref-for-dfn-interface-object②⓪">(2)</a> <a href="#ref-for-dfn-interface-object②①">(3)</a> <a href="#ref-for-dfn-interface-object②②">(4)</a> <a href="#ref-for-dfn-interface-object②③">(5)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-dfn-interface-prototype-object">
@@ -4143,10 +4233,9 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
   <aside class="dfn-panel" data-for="term-for-interface-formdata">
    <a href="https://xhr.spec.whatwg.org/#interface-formdata">https://xhr.spec.whatwg.org/#interface-formdata</a><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-interface-formdata">3.2. The PasswordCredential Interface</a>
-    <li><a href="#ref-for-interface-formdata①">3.3.4. 
+    <li><a href="#ref-for-interface-formdata">3.3.4. 
     Create a PasswordCredential from an HTMLFormElement </a>
-    <li><a href="#ref-for-interface-formdata②">7.1. Website Authors</a>
+    <li><a href="#ref-for-interface-formdata①">7.1. Website Authors</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-xmlhttprequest">
@@ -4189,6 +4278,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="term-for-context-object" style="color:initial">context object</span>
      <li><span class="dfn-paneled" id="term-for-concept-tree-order" style="color:initial">tree order</span>
     </ul>
+   <li>
+    <a data-link-type="biblio">[ecma262]</a> defines the following terms:
+    <ul>
+     <li><span class="dfn-paneled" id="term-for-sec-ordinary-object-internal-methods-and-internal-slots" style="color:initial">internal method</span>
+    </ul>
    <li>
     <a data-link-type="biblio">[FETCH]</a> defines the following terms:
     <ul>
@@ -4212,6 +4306,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="term-for-autofill-detail-tokens" style="color:initial">autofill detail tokens</span>
      <li><span class="dfn-paneled" id="term-for-current-settings-object" style="color:initial">current settings object</span>
      <li><span class="dfn-paneled" id="term-for-attr-fe-autocomplete-current-password" style="color:initial">current-password</span>
+     <li><span class="dfn-paneled" id="term-for-dom-manipulation-task-source" style="color:initial">dom manipulation task source</span>
      <li><span class="dfn-paneled" id="term-for-environment-settings-object" style="color:initial">environment settings object</span>
      <li><span class="dfn-paneled" id="term-for-the-form-element" style="color:initial">form</span>
      <li><span class="dfn-paneled" id="term-for-form-owner" style="color:initial">form owner</span>
@@ -4223,12 +4318,14 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="term-for-concept-settings-object-origin" style="color:initial">origin <small>(for environment settings object)</small></span>
      <li><span class="dfn-paneled" id="term-for-parent-browsing-context" style="color:initial">parent browsing context</span>
      <li><span class="dfn-paneled" id="term-for-attr-fe-autocomplete-photo" style="color:initial">photo</span>
+     <li><span class="dfn-paneled" id="term-for-queue-a-task" style="color:initial">queue a task</span>
      <li><span class="dfn-paneled" id="term-for-concept-relevant-realm" style="color:initial">relevant realm</span>
      <li><span class="dfn-paneled" id="term-for-responsible-browsing-context" style="color:initial">responsible browsing context</span>
      <li><span class="dfn-paneled" id="term-for-responsible-document" style="color:initial">responsible document</span>
      <li><span class="dfn-paneled" id="term-for-same-origin" style="color:initial">same origin</span>
      <li><span class="dfn-paneled" id="term-for-dom-form-submit" style="color:initial">submit()</span>
      <li><span class="dfn-paneled" id="term-for-category-submit" style="color:initial">submittable elements</span>
+     <li><span class="dfn-paneled" id="term-for-concept-task" style="color:initial">task</span>
      <li><span class="dfn-paneled" id="term-for-top-level-browsing-context" style="color:initial">top-level browsing context</span>
      <li><span class="dfn-paneled" id="term-for-attr-fe-autocomplete-username" style="color:initial">username</span>
     </ul>
@@ -4240,6 +4337,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="term-for-list-contain" style="color:initial">contain</span>
      <li><span class="dfn-paneled" id="term-for-iteration-continue" style="color:initial">continue</span>
      <li><span class="dfn-paneled" id="term-for-map-exists" style="color:initial">exist</span>
+     <li><span class="dfn-paneled" id="term-for-ordered-set" style="color:initial">set</span>
      <li><span class="dfn-paneled" id="term-for-list-size" style="color:initial">size</span>
     </ul>
    <li>
@@ -4252,6 +4350,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
     <ul>
      <li><span class="dfn-paneled" id="term-for-a-new-promise" style="color:initial">a new promise</span>
      <li><span class="dfn-paneled" id="term-for-a-promise-rejected-with" style="color:initial">a promise rejected with</span>
+     <li><span class="dfn-paneled" id="term-for-promise-calling" style="color:initial">promise-calling</span>
      <li><span class="dfn-paneled" id="term-for-reject-promise" style="color:initial">reject</span>
      <li><span class="dfn-paneled" id="term-for-resolve-promise" style="color:initial">resolve</span>
     </ul>
@@ -4265,15 +4364,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
     <ul>
      <li><span class="dfn-paneled" id="term-for-secure-contexts" style="color:initial">secure contexts</span>
     </ul>
-   <li>
-    <a data-link-type="biblio">[URL]</a> defines the following terms:
-    <ul>
-     <li><span class="dfn-paneled" id="term-for-urlsearchparams" style="color:initial">URLSearchParams</span>
-    </ul>
    <li>
     <a data-link-type="biblio">[WEBAUTHN]</a> defines the following terms:
     <ul>
      <li><span class="dfn-paneled" id="term-for-publickeycredential" style="color:initial">PublicKeyCredential</span>
+     <li><span class="dfn-paneled" id="term-for-dom-publickeycredential-create-slot" style="color:initial">[[Create]](origin, options, sameOriginWithAncestors)</span>
+     <li><span class="dfn-paneled" id="term-for-dom-publickeycredential-discoverfromexternalsource-slot" style="color:initial">[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</span>
     </ul>
    <li>
     <a data-link-type="biblio">[WebIDL]</a> defines the following terms:
@@ -4292,7 +4388,6 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="term-for-dfn-exception" style="color:initial">exception</span>
      <li><span class="dfn-paneled" id="term-for-dfn-inherit" style="color:initial">inherit</span>
      <li><span class="dfn-paneled" id="term-for-dfn-inherited-interfaces" style="color:initial">inherited interfaces</span>
-     <li><span class="dfn-paneled" id="term-for-dfn-interface" style="color:initial">interface</span>
      <li><span class="dfn-paneled" id="term-for-dfn-interface-object" style="color:initial">interface object</span>
      <li><span class="dfn-paneled" id="term-for-dfn-interface-prototype-object" style="color:initial">interface prototype object</span>
      <li><span class="dfn-paneled" id="term-for-dfn-throw" style="color:initial">throw</span>
@@ -4329,8 +4424,6 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
    <dd>S. Bradner. <a href="https://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>. March 1997. Best Current Practice. URL: <a href="https://tools.ietf.org/html/rfc2119">https://tools.ietf.org/html/rfc2119</a>
    <dt id="biblio-secure-contexts">[SECURE-CONTEXTS]
    <dd>Mike West. <a href="https://www.w3.org/TR/secure-contexts/">Secure Contexts</a>. 15 September 2016. CR. URL: <a href="https://www.w3.org/TR/secure-contexts/">https://www.w3.org/TR/secure-contexts/</a>
-   <dt id="biblio-url">[URL]
-   <dd>Anne van Kesteren. <a href="https://url.spec.whatwg.org/">URL Standard</a>. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a>
    <dt id="biblio-webidl">[WebIDL]
    <dd>Cameron McCormack; Boris Zbarsky; Tobie Langel. <a href="https://heycam.github.io/webidl/">Web IDL</a>. 15 December 2016. ED. URL: <a href="https://heycam.github.io/webidl/">https://heycam.github.io/webidl/</a>
    <dt id="biblio-xhr">[XHR]
@@ -4345,110 +4438,110 @@ <h3 class="no-num no-ref heading settled" id="informative"><span class="content"
    <dt id="biblio-web-login">[WEB-LOGIN]
    <dd>Jason Denizac; Robin Berjon; Anne van Kesteren. <a href="https://github.com/jden/web-login">web-login</a>. URL: <a href="https://github.com/jden/web-login">https://github.com/jden/web-login</a>
    <dt id="biblio-webauthn">[WEBAUTHN]
-   <dd>Dirk Balfanz; et al. <a href="https://www.w3.org/TR/webauthn/">Web Authentication: An API for accessing Public Key Credentials Level 1</a>. 20 March 2018. CR. URL: <a href="https://www.w3.org/TR/webauthn/">https://www.w3.org/TR/webauthn/</a>
+   <dd>Dirk Balfanz; et al. <a href="https://www.w3.org/TR/webauthn/">Web Authentication: An API for accessing Public Key Credentials Level 1</a>. 7 August 2018. CR. URL: <a href="https://www.w3.org/TR/webauthn/">https://www.w3.org/TR/webauthn/</a>
    <dt id="biblio-webmessaging">[WEBMESSAGING]
    <dd>Ian Hickson. <a href="https://www.w3.org/TR/webmessaging/">HTML5 Web Messaging</a>. 19 May 2015. REC. URL: <a href="https://www.w3.org/TR/webmessaging/">https://www.w3.org/TR/webmessaging/</a>
    <dt id="biblio-xmlhttprequest">[XMLHTTPREQUEST]
    <dd>Anne van Kesteren; et al. <a href="https://www.w3.org/TR/XMLHttpRequest/">XMLHttpRequest Level 1</a>. 6 October 2016. NOTE. URL: <a href="https://www.w3.org/TR/XMLHttpRequest/">https://www.w3.org/TR/XMLHttpRequest/</a>
   </dl>
   <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">IDL Index</span><a class="self-link" href="#idl-index"></a></h2>
-<pre class="idl highlight def">[<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed④">Exposed</a>=<span class="n">Window</span>, <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑥">SecureContext</a>]
-<span class="kt">interface</span> <a class="nv" href="#credential"><code>Credential</code></a> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑧"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-credential-id" id="ref-for-dom-credential-id①①">id</a>;
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑥"><span class="kt">DOMString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="DOMString" href="#dom-credential-type" id="ref-for-dom-credential-type③">type</a>;
+<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed④"><c- g>Exposed</c-></a>=<c- n>Window</c->, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑥"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <a href="#credential"><code><c- g>Credential</c-></code></a> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString②⓪"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-credential-id" id="ref-for-dom-credential-id①①"><c- g>id</c-></a>;
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑥"><c- b>DOMString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="DOMString" href="#dom-credential-type" id="ref-for-dom-credential-type③"><c- g>type</c-></a>;
 };
 
-[<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext①①">SecureContext</a>]
-<span class="kt">interface</span> <span class="kt">mixin</span> <a class="nv" href="#credentialuserdata"><code>CredentialUserData</code></a> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString②①"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name①①">name</a>;
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString③①"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl①①">iconURL</a>;
+[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext①①"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <c- b>mixin</c-> <a href="#credentialuserdata"><code><c- g>CredentialUserData</c-></code></a> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString②①"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-credentialuserdata-name" id="ref-for-dom-credentialuserdata-name①①"><c- g>name</c-></a>;
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString③①"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-credentialuserdata-iconurl" id="ref-for-dom-credentialuserdata-iconurl①①"><c- g>iconURL</c-></a>;
 };
 
-<span class="kt">partial</span> <span class="kt">interface</span> <a class="nv idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/system-state.html#navigator" id="ref-for-navigator①①">Navigator</a> {
-  [<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext②①">SecureContext</a>, <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SameObject" id="ref-for-SameObject①">SameObject</a>] <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n" data-link-type="idl-name" href="#credentialscontainer" id="ref-for-credentialscontainer②①">CredentialsContainer</a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="CredentialsContainer" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials①①">credentials</a>;
+<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/system-state.html#navigator" id="ref-for-navigator①①"><c- g>Navigator</c-></a> {
+  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext②①"><c- g>SecureContext</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SameObject" id="ref-for-SameObject①"><c- g>SameObject</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#credentialscontainer" id="ref-for-credentialscontainer②①"><c- n>CredentialsContainer</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="CredentialsContainer" href="#dom-navigator-credentials" id="ref-for-dom-navigator-credentials①①"><c- g>credentials</c-></a>;
 };
 
-[<a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed①①">Exposed</a>=<span class="n">Window</span>, <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext③①">SecureContext</a>]
-<span class="kt">interface</span> <a class="nv" href="#credentialscontainer"><code>CredentialsContainer</code></a> {
-  <span class="kt">Promise</span>&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⓪①">Credential</a>?> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②⑦">get</a>(<span class="kt">optional</span> <a class="n" data-link-type="idl-name" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions②①">CredentialRequestOptions</a> <a class="nv idl-code" data-link-type="argument" href="#dom-credentialscontainer-get-options-options" id="ref-for-dom-credentialscontainer-get-options-options②">options</a>);
-  <span class="kt">Promise</span>&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②①①">Credential</a>> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-store" id="ref-for-dom-credentialscontainer-store①④">store</a>(<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②②①">Credential</a> <a class="nv idl-code" data-link-type="argument" href="#dom-credentialscontainer-store-credential-credential" id="ref-for-dom-credentialscontainer-store-credential-credential②">credential</a>);
-  <span class="kt">Promise</span>&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②③①">Credential</a>?> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create⑧">create</a>(<span class="kt">optional</span> <a class="n" data-link-type="idl-name" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions①①">CredentialCreationOptions</a> <a class="nv idl-code" data-link-type="argument" href="#dom-credentialscontainer-create-options-options" id="ref-for-dom-credentialscontainer-create-options-options②">options</a>);
-  <span class="kt">Promise</span>&lt;<span class="kt">void</span>> <a class="nv idl-code" data-link-type="method" href="#dom-credentialscontainer-preventsilentaccess" id="ref-for-dom-credentialscontainer-preventsilentaccess④">preventSilentAccess</a>();
+[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed①①"><c- g>Exposed</c-></a>=<c- n>Window</c->, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext③①"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <a href="#credentialscontainer"><code><c- g>CredentialsContainer</c-></code></a> {
+  <c- b>Promise</c->&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑥①"><c- n>Credential</c-></a>?> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-get" id="ref-for-dom-credentialscontainer-get②⑦"><c- g>get</c-></a>(<c- b>optional</c-> <a class="n" data-link-type="idl-name" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions②①"><c- n>CredentialRequestOptions</c-></a> <a class="idl-code" data-link-type="argument" href="#dom-credentialscontainer-get-options-options" id="ref-for-dom-credentialscontainer-get-options-options②"><c- g>options</c-></a>);
+  <c- b>Promise</c->&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑦①"><c- n>Credential</c-></a>> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-store" id="ref-for-dom-credentialscontainer-store①④"><c- g>store</c-></a>(<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑧①"><c- n>Credential</c-></a> <a class="idl-code" data-link-type="argument" href="#dom-credentialscontainer-store-credential-credential" id="ref-for-dom-credentialscontainer-store-credential-credential②"><c- g>credential</c-></a>);
+  <c- b>Promise</c->&lt;<a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential②⑨①"><c- n>Credential</c-></a>?> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-create" id="ref-for-dom-credentialscontainer-create⑧"><c- g>create</c-></a>(<c- b>optional</c-> <a class="n" data-link-type="idl-name" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions①①"><c- n>CredentialCreationOptions</c-></a> <a class="idl-code" data-link-type="argument" href="#dom-credentialscontainer-create-options-options" id="ref-for-dom-credentialscontainer-create-options-options②"><c- g>options</c-></a>);
+  <c- b>Promise</c->&lt;<c- b>void</c->> <a class="idl-code" data-link-type="method" href="#dom-credentialscontainer-preventsilentaccess" id="ref-for-dom-credentialscontainer-preventsilentaccess④"><c- g>preventSilentAccess</c-></a>();
 };
 
-<span class="kt">dictionary</span> <a class="nv" href="#dictdef-credentialdata"><code>CredentialData</code></a> {
-  <span class="kt">required</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑥①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-credentialdata-id"><code>id</code></a>;
+<c- b>dictionary</c-> <a href="#dictdef-credentialdata"><code><c- g>CredentialData</c-></code></a> {
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑥①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-credentialdata-id"><code><c- g>id</c-></code></a>;
 };
 
-<span class="kt">dictionary</span> <a class="nv" href="#dictdef-credentialrequestoptions"><code>CredentialRequestOptions</code></a> {
-  <a class="n" data-link-type="idl-name" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement④">CredentialMediationRequirement</a> <a class="nv idl-code" data-default="&quot;optional&quot;" data-link-type="dict-member" data-type="CredentialMediationRequirement " href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation①⑤">mediation</a> = "optional";
-  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal④">AbortSignal</a> <a class="nv idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialrequestoptions-signal" id="ref-for-dom-credentialrequestoptions-signal②">signal</a>;
+<c- b>dictionary</c-> <a href="#dictdef-credentialrequestoptions"><code><c- g>CredentialRequestOptions</c-></code></a> {
+  <a class="n" data-link-type="idl-name" href="#enumdef-credentialmediationrequirement" id="ref-for-enumdef-credentialmediationrequirement④"><c- n>CredentialMediationRequirement</c-></a> <a class="idl-code" data-default="&quot;optional&quot;" data-link-type="dict-member" data-type="CredentialMediationRequirement " href="#dom-credentialrequestoptions-mediation" id="ref-for-dom-credentialrequestoptions-mediation①⑤"><c- g>mediation</c-></a> = "optional";
+  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal④"><c- n>AbortSignal</c-></a> <a class="idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialrequestoptions-signal" id="ref-for-dom-credentialrequestoptions-signal②"><c- g>signal</c-></a>;
 };
 
-<span class="kt">enum</span> <a class="nv" href="#enumdef-credentialmediationrequirement"><code>CredentialMediationRequirement</code></a> {
-  <a class="s idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-silent" id="ref-for-dom-credentialmediationrequirement-silent①①">"silent"</a>,
-  <a class="s idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-optional" id="ref-for-dom-credentialmediationrequirement-optional①①">"optional"</a>,
-  <a class="s idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required⑥">"required"</a>
+<c- b>enum</c-> <a href="#enumdef-credentialmediationrequirement"><code><c- g>CredentialMediationRequirement</c-></code></a> {
+  <a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-silent" id="ref-for-dom-credentialmediationrequirement-silent①①"><c- s>"silent"</c-></a>,
+  <a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-optional" id="ref-for-dom-credentialmediationrequirement-optional①①"><c- s>"optional"</c-></a>,
+  <a class="idl-code" data-link-type="enum-value" href="#dom-credentialmediationrequirement-required" id="ref-for-dom-credentialmediationrequirement-required⑥"><c- s>"required"</c-></a>
 };
 
-<span class="kt">dictionary</span> <a class="nv" href="#dictdef-credentialcreationoptions"><code>CredentialCreationOptions</code></a> {
-  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal②①">AbortSignal</a> <a class="nv idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialcreationoptions-signal" id="ref-for-dom-credentialcreationoptions-signal②">signal</a>;
+<c- b>dictionary</c-> <a href="#dictdef-credentialcreationoptions"><code><c- g>CredentialCreationOptions</c-></code></a> {
+  <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#abortsignal" id="ref-for-abortsignal②①"><c- n>AbortSignal</c-></a> <a class="idl-code" data-link-type="dict-member" data-type="AbortSignal " href="#dom-credentialcreationoptions-signal" id="ref-for-dom-credentialcreationoptions-signal②"><c- g>signal</c-></a>;
 };
 
-<span class="kt">typedef</span> (<a class="n" data-link-type="idl-name" href="https://xhr.spec.whatwg.org/#interface-formdata" id="ref-for-interface-formdata③">FormData</a> <span class="kt">or</span> <a class="n" data-link-type="idl-name" href="https://url.spec.whatwg.org/#urlsearchparams" id="ref-for-urlsearchparams①">URLSearchParams</a>) <a class="nv" href="#typedefdef-credentialbodytype"><code>CredentialBodyType</code></a>;
-
-[<a class="nv idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential" id="ref-for-dom-passwordcredential-passwordcredential②①">Constructor</a>(<a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement②①">HTMLFormElement</a> <a class="nv" href="#dom-passwordcredential-passwordcredential-form-form"><code>form</code></a>),
- <a class="nv idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential-data" id="ref-for-dom-passwordcredential-passwordcredential-data①">Constructor</a>(<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata⑧">PasswordCredentialData</a> <a class="nv" href="#dom-passwordcredential-passwordcredential-data-data"><code>data</code></a>),
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed②①">Exposed</a>=<span class="n">Window</span>,
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext④①">SecureContext</a>]
-<span class="kt">interface</span> <a class="nv" href="#passwordcredential"><code>PasswordCredential</code></a> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential③⑤①">Credential</a> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑦①"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password⑥">password</a>;
+[<a class="idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential" id="ref-for-dom-passwordcredential-passwordcredential②①"><c- g>Constructor</c-></a>(<a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement②①"><c- n>HTMLFormElement</c-></a> <a href="#dom-passwordcredential-passwordcredential-form-form"><code><c- g>form</c-></code></a>),
+ <a class="idl-code" data-link-type="constructor" href="#dom-passwordcredential-passwordcredential-data" id="ref-for-dom-passwordcredential-passwordcredential-data①"><c- g>Constructor</c-></a>(<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata⑧"><c- n>PasswordCredentialData</c-></a> <a href="#dom-passwordcredential-passwordcredential-data-data"><code><c- g>data</c-></code></a>),
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed②①"><c- g>Exposed</c-></a>=<c- n>Window</c->,
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext④①"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <a href="#passwordcredential"><code><c- g>PasswordCredential</c-></code></a> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential④②①"><c- n>Credential</c-></a> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑦①"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-passwordcredential-password" id="ref-for-dom-passwordcredential-password⑥"><c- g>password</c-></a>;
 };
-<a class="n" data-link-type="idl-name" href="#passwordcredential" id="ref-for-passwordcredential⑥①">PasswordCredential</a> <span class="kt">includes</span> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata②">CredentialUserData</a>;
+<a class="n" data-link-type="idl-name" href="#passwordcredential" id="ref-for-passwordcredential⑥①"><c- n>PasswordCredential</c-></a> <c- b>includes</c-> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata②"><c- n>CredentialUserData</c-></a>;
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⓪①">CredentialRequestOptions</a> {
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①"><span class="kt">boolean</span></a> <a class="nv" data-default="false" data-type="boolean " href="#dom-credentialrequestoptions-password"><code>password</code></a> = <span class="kt">false</span>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①⓪①"><c- g>CredentialRequestOptions</c-></a> {
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①"><c- b>boolean</c-></a> <a data-default="false" data-type="boolean " href="#dom-credentialrequestoptions-password"><code><c- g>password</c-></code></a> = <c- b>false</c->;
 };
 
-<span class="kt">dictionary</span> <a class="nv" href="#dictdef-passwordcredentialdata"><code>PasswordCredentialData</code></a> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata②">CredentialData</a> {
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑨①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-passwordcredentialdata-name"><code>name</code></a>;
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⓪①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-passwordcredentialdata-iconurl"><code>iconURL</code></a>;
-  <span class="kt">required</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①①①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-passwordcredentialdata-password"><code>password</code></a>;
+<c- b>dictionary</c-> <a href="#dictdef-passwordcredentialdata"><code><c- g>PasswordCredentialData</c-></code></a> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata②"><c- n>CredentialData</c-></a> {
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString⑨①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-passwordcredentialdata-name"><code><c- g>name</c-></code></a>;
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⓪①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-passwordcredentialdata-iconurl"><code><c- g>iconURL</c-></code></a>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①①①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-passwordcredentialdata-origin"><code><c- g>origin</c-></code></a>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①②①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-passwordcredentialdata-password"><code><c- g>password</c-></code></a>;
 };
 
-<span class="kt">typedef</span> (<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata③①">PasswordCredentialData</a> <span class="kt">or</span> <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑤①">HTMLFormElement</a>) <a class="nv" href="#typedefdef-passwordcredentialinit"><code>PasswordCredentialInit</code></a>;
+<c- b>typedef</c-> (<a class="n" data-link-type="idl-name" href="#dictdef-passwordcredentialdata" id="ref-for-dictdef-passwordcredentialdata③①"><c- n>PasswordCredentialData</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/forms.html#htmlformelement" id="ref-for-htmlformelement⑤①"><c- n>HTMLFormElement</c-></a>) <a href="#typedefdef-passwordcredentialinit"><code><c- g>PasswordCredentialInit</c-></code></a>;
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑤①">CredentialCreationOptions</a> {
-  <a class="n" data-link-type="idl-name" href="#typedefdef-passwordcredentialinit" id="ref-for-typedefdef-passwordcredentialinit①">PasswordCredentialInit</a> <a class="nv" data-type="PasswordCredentialInit " href="#dom-credentialcreationoptions-password"><code>password</code></a>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑤①"><c- g>CredentialCreationOptions</c-></a> {
+  <a class="n" data-link-type="idl-name" href="#typedefdef-passwordcredentialinit" id="ref-for-typedefdef-passwordcredentialinit①"><c- n>PasswordCredentialInit</c-></a> <a data-type="PasswordCredentialInit " href="#dom-credentialcreationoptions-password"><code><c- g>password</c-></code></a>;
 };
 
-[<a class="nv idl-code" data-link-type="constructor" href="#dom-federatedcredential-federatedcredential" id="ref-for-dom-federatedcredential-federatedcredential①">Constructor</a>(<a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit⑤">FederatedCredentialInit</a> <a class="nv" href="#dom-federatedcredential-federatedcredential-data-data"><code>data</code></a>),
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③①">Exposed</a>=<span class="n">Window</span>,
- <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑤①">SecureContext</a>]
-<span class="kt">interface</span> <a class="nv" href="#federatedcredential"><code>FederatedCredential</code></a> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential③⑨①">Credential</a> {
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①②①"><span class="kt">USVString</span></a> <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="USVString" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑨">provider</a>;
-  <span class="kt">readonly</span> <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②①"><span class="kt">DOMString</span></a>? <a class="nv idl-code" data-link-type="attribute" data-readonly="" data-type="DOMString?" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol④">protocol</a>;
+[<a class="idl-code" data-link-type="constructor" href="#dom-federatedcredential-federatedcredential" id="ref-for-dom-federatedcredential-federatedcredential①"><c- g>Constructor</c-></a>(<a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit⑤"><c- n>FederatedCredentialInit</c-></a> <a href="#dom-federatedcredential-federatedcredential-data-data"><code><c- g>data</c-></code></a>),
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③①"><c- g>Exposed</c-></a>=<c- n>Window</c->,
+ <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑤①"><c- g>SecureContext</c-></a>]
+<c- b>interface</c-> <a href="#federatedcredential"><code><c- g>FederatedCredential</c-></code></a> : <a class="n" data-link-type="idl-name" href="#credential" id="ref-for-credential④⑥①"><c- n>Credential</c-></a> {
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①③①"><c- b>USVString</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="USVString" href="#dom-federatedcredential-provider" id="ref-for-dom-federatedcredential-provider⑨"><c- g>provider</c-></a>;
+  <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②①"><c- b>DOMString</c-></a>? <a class="idl-code" data-link-type="attribute" data-readonly data-type="DOMString?" href="#dom-federatedcredential-protocol" id="ref-for-dom-federatedcredential-protocol④"><c- g>protocol</c-></a>;
 };
-<a class="n" data-link-type="idl-name" href="#federatedcredential" id="ref-for-federatedcredential①⑤">FederatedCredential</a> <span class="kt">includes</span> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata①①">CredentialUserData</a>;
+<a class="n" data-link-type="idl-name" href="#federatedcredential" id="ref-for-federatedcredential①⑤"><c- n>FederatedCredential</c-></a> <c- b>includes</c-> <a class="n" data-link-type="idl-name" href="#credentialuserdata" id="ref-for-credentialuserdata①①"><c- n>CredentialUserData</c-></a>;
 
-<span class="kt">dictionary</span> <a class="nv" href="#dictdef-federatedcredentialrequestoptions"><code>FederatedCredentialRequestOptions</code></a> {
-  <span class="kt">sequence</span>&lt;<a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①③①"><span class="kt">USVString</span></a>> <a class="nv" data-type="sequence<USVString> " href="#dom-federatedcredentialrequestoptions-providers"><code>providers</code></a>;
-  <span class="kt">sequence</span>&lt;<a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③①"><span class="kt">DOMString</span></a>> <a class="nv" data-type="sequence<DOMString> " href="#dom-federatedcredentialrequestoptions-protocols"><code>protocols</code></a>;
+<c- b>dictionary</c-> <a href="#dictdef-federatedcredentialrequestoptions"><code><c- g>FederatedCredentialRequestOptions</c-></code></a> {
+  <c- b>sequence</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①④①"><c- b>USVString</c-></a>> <a data-type="sequence<USVString> " href="#dom-federatedcredentialrequestoptions-providers"><code><c- g>providers</c-></code></a>;
+  <c- b>sequence</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③①"><c- b>DOMString</c-></a>> <a data-type="sequence<DOMString> " href="#dom-federatedcredentialrequestoptions-protocols"><code><c- g>protocols</c-></code></a>;
 };
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①③①">CredentialRequestOptions</a> {
-  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialrequestoptions" id="ref-for-dictdef-federatedcredentialrequestoptions②">FederatedCredentialRequestOptions</a> <a class="nv" data-type="FederatedCredentialRequestOptions " href="#dom-credentialrequestoptions-federated"><code>federated</code></a>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialrequestoptions" id="ref-for-dictdef-credentialrequestoptions①③①"><c- g>CredentialRequestOptions</c-></a> {
+  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialrequestoptions" id="ref-for-dictdef-federatedcredentialrequestoptions②"><c- n>FederatedCredentialRequestOptions</c-></a> <a data-type="FederatedCredentialRequestOptions " href="#dom-credentialrequestoptions-federated"><code><c- g>federated</c-></code></a>;
 };
 
-<span class="kt">dictionary</span> <a class="nv" href="#dictdef-federatedcredentialinit"><code>FederatedCredentialInit</code></a> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata①①">CredentialData</a> {
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑤①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-federatedcredentialinit-name"><code>name</code></a>;
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑥①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-federatedcredentialinit-iconurl"><code>iconURL</code></a>;
-  <span class="kt">required</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑦①"><span class="kt">USVString</span></a> <a class="nv" data-type="USVString " href="#dom-federatedcredentialinit-provider"><code>provider</code></a>;
-  <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑤①"><span class="kt">DOMString</span></a> <a class="nv" data-type="DOMString " href="#dom-federatedcredentialinit-protocol"><code>protocol</code></a>;
+<c- b>dictionary</c-> <a href="#dictdef-federatedcredentialinit"><code><c- g>FederatedCredentialInit</c-></code></a> : <a class="n" data-link-type="idl-name" href="#dictdef-credentialdata" id="ref-for-dictdef-credentialdata①①"><c- n>CredentialData</c-></a> {
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑥①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-federatedcredentialinit-name"><code><c- g>name</c-></code></a>;
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑦①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-federatedcredentialinit-iconurl"><code><c- g>iconURL</c-></code></a>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑧①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-federatedcredentialinit-origin"><code><c- g>origin</c-></code></a>;
+  <c- b>required</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①⑨①"><c- b>USVString</c-></a> <a data-type="USVString " href="#dom-federatedcredentialinit-provider"><code><c- g>provider</c-></code></a>;
+  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑤①"><c- b>DOMString</c-></a> <a data-type="DOMString " href="#dom-federatedcredentialinit-protocol"><code><c- g>protocol</c-></code></a>;
 };
 
-<span class="kt">partial</span> <span class="kt">dictionary</span> <a class="nv idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑧①">CredentialCreationOptions</a> {
-  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit③①">FederatedCredentialInit</a> <a class="nv" data-type="FederatedCredentialInit " href="#dom-credentialcreationoptions-federated"><code>federated</code></a>;
+<c- b>partial</c-> <c- b>dictionary</c-> <a class="idl-code" data-link-type="dictionary" href="#dictdef-credentialcreationoptions" id="ref-for-dictdef-credentialcreationoptions⑧①"><c- g>CredentialCreationOptions</c-></a> {
+  <a class="n" data-link-type="idl-name" href="#dictdef-federatedcredentialinit" id="ref-for-dictdef-federatedcredentialinit③①"><c- n>FederatedCredentialInit</c-></a> <a data-type="FederatedCredentialInit " href="#dom-credentialcreationoptions-federated"><code><c- g>federated</c-></code></a>;
 };
 
 </pre>
@@ -4475,8 +4568,9 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-concept-credential⑥">2.1. Infrastructure</a> <a href="#ref-for-concept-credential⑦">(2)</a> <a href="#ref-for-concept-credential⑧">(3)</a> <a href="#ref-for-concept-credential⑨">(4)</a> <a href="#ref-for-concept-credential①⓪">(5)</a> <a href="#ref-for-concept-credential①①">(6)</a> <a href="#ref-for-concept-credential①②">(7)</a>
     <li><a href="#ref-for-concept-credential①③">2.2. The Credential Interface</a>
     <li><a href="#ref-for-concept-credential①④">2.2.1. Credential Internal Methods</a>
-    <li><a href="#ref-for-concept-credential①⑤">3. Password Credentials</a>
-    <li><a href="#ref-for-concept-credential①⑥">7.2. Extension Points</a> <a href="#ref-for-concept-credential①⑦">(2)</a> <a href="#ref-for-concept-credential①⑧">(3)</a>
+    <li><a href="#ref-for-concept-credential①⑤">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-concept-credential①⑥">3. Password Credentials</a>
+    <li><a href="#ref-for-concept-credential①⑦">7.2. Extension Points</a> <a href="#ref-for-concept-credential①⑧">(2)</a> <a href="#ref-for-concept-credential①⑨">(3)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="credential-effective">
@@ -4484,14 +4578,14 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-credential-effective">2.1. Infrastructure</a>
     <li><a href="#ref-for-credential-effective①">2.2. The Credential Interface</a>
-    <li><a href="#ref-for-credential-effective②">2.2.1. Credential Internal Methods</a>
+    <li><a href="#ref-for-credential-effective②">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
     <li><a href="#ref-for-credential-effective③">7.2. Extension Points</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="credential-source">
    <b><a href="#credential-source">#credential-source</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-credential-source">2.2.1. Credential Internal Methods</a>
+    <li><a href="#ref-for-credential-source">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
     <li><a href="#ref-for-credential-source①">7.2. Extension Points</a>
    </ul>
   </aside>
@@ -4500,17 +4594,18 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-concept-credential-store">2.1. Infrastructure</a> <a href="#ref-for-concept-credential-store①">(2)</a> <a href="#ref-for-concept-credential-store②">(3)</a> <a href="#ref-for-concept-credential-store③">(4)</a>
     <li><a href="#ref-for-concept-credential-store④">2.2. The Credential Interface</a> <a href="#ref-for-concept-credential-store⑤">(2)</a>
-    <li><a href="#ref-for-concept-credential-store⑥">2.2.1. Credential Internal Methods</a> <a href="#ref-for-concept-credential-store⑦">(2)</a>
+    <li><a href="#ref-for-concept-credential-store⑥">2.2.1.1. [[CollectFromCredentialStore]] internal method</a>
+    <li><a href="#ref-for-concept-credential-store⑦">2.2.1.3. [[Store]] internal method</a>
     <li><a href="#ref-for-concept-credential-store⑧">2.3. navigator.credentials</a>
     <li><a href="#ref-for-concept-credential-store⑨">2.5.3. Store a Credential</a>
     <li><a href="#ref-for-concept-credential-store①⓪">2.5.5. Prevent Silent Access</a> <a href="#ref-for-concept-credential-store①①">(2)</a>
     <li><a href="#ref-for-concept-credential-store①②">3.1.1. Password-based Sign-in</a>
     <li><a href="#ref-for-concept-credential-store①③">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-concept-credential-store①④">(2)</a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-concept-credential-store①④">(2)</a>
     <li><a href="#ref-for-concept-credential-store①⑤">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-concept-credential-store①⑥">(2)</a> <a href="#ref-for-concept-credential-store①⑦">(3)</a> <a href="#ref-for-concept-credential-store①⑧">(4)</a>
     <li><a href="#ref-for-concept-credential-store①⑨">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-concept-credential-store②⓪">(2)</a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-concept-credential-store②⓪">(2)</a>
     <li><a href="#ref-for-concept-credential-store②①">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-concept-credential-store②②">(2)</a> <a href="#ref-for-concept-credential-store②③">(3)</a> <a href="#ref-for-concept-credential-store②④">(4)</a>
     <li><a href="#ref-for-concept-credential-store②⑤">5.2. Requiring User Mediation</a>
@@ -4523,9 +4618,9 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <b><a href="#abstract-opdef-credential-store-retrieve-a-list-of-credentials">#abstract-opdef-credential-store-retrieve-a-list-of-credentials</a></b><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-abstract-opdef-credential-store-retrieve-a-list-of-credentials">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-abstract-opdef-credential-store-retrieve-a-list-of-credentials①">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="origin-prevent-silent-access-flag">
@@ -4548,21 +4643,24 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="same-origin-with-its-ancestors">
    <b><a href="#same-origin-with-its-ancestors">#same-origin-with-its-ancestors</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-same-origin-with-its-ancestors">2.2.1. Credential Internal Methods</a> <a href="#ref-for-same-origin-with-its-ancestors①">(2)</a> <a href="#ref-for-same-origin-with-its-ancestors②">(3)</a> <a href="#ref-for-same-origin-with-its-ancestors③">(4)</a>
+    <li><a href="#ref-for-same-origin-with-its-ancestors">2.2.1.1. [[CollectFromCredentialStore]] internal method</a>
+    <li><a href="#ref-for-same-origin-with-its-ancestors①">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-same-origin-with-its-ancestors②">2.2.1.3. [[Store]] internal method</a>
+    <li><a href="#ref-for-same-origin-with-its-ancestors③">2.2.1.4. [[Create]] internal method</a>
     <li><a href="#ref-for-same-origin-with-its-ancestors④">2.5.1. Request a Credential</a>
     <li><a href="#ref-for-same-origin-with-its-ancestors⑤">2.5.2. Collect Credentials from the credential store</a>
     <li><a href="#ref-for-same-origin-with-its-ancestors⑥">2.5.3. Store a Credential</a>
     <li><a href="#ref-for-same-origin-with-its-ancestors⑦">2.5.4. Create a Credential</a>
     <li><a href="#ref-for-same-origin-with-its-ancestors⑧">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin-with-its-ancestors⑨">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin-with-its-ancestors①⓪">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin-with-its-ancestors①①">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin-with-its-ancestors①②">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin-with-its-ancestors①③">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-same-origin-with-its-ancestors①④">7.2. Extension Points</a>
@@ -4573,26 +4671,30 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-credential">2. Core API</a> <a href="#ref-for-credential①">(2)</a>
     <li><a href="#ref-for-credential②">2.2. The Credential Interface</a> <a href="#ref-for-credential③">(2)</a> <a href="#ref-for-credential④">(3)</a> <a href="#ref-for-credential⑤">(4)</a> <a href="#ref-for-credential⑥">(5)</a>
-    <li><a href="#ref-for-credential⑦">2.2.1. Credential Internal Methods</a> <a href="#ref-for-credential⑧">(2)</a> <a href="#ref-for-credential⑨">(3)</a> <a href="#ref-for-credential①⓪">(4)</a> <a href="#ref-for-credential①①">(5)</a> <a href="#ref-for-credential①②">(6)</a> <a href="#ref-for-credential①③">(7)</a> <a href="#ref-for-credential①④">(8)</a> <a href="#ref-for-credential①⑤">(9)</a> <a href="#ref-for-credential①⑥">(10)</a> <a href="#ref-for-credential①⑦">(11)</a>
-    <li><a href="#ref-for-credential①⑧">2.2.2. CredentialUserData Mixin</a>
-    <li><a href="#ref-for-credential①⑨">2.3. navigator.credentials</a> <a href="#ref-for-credential②⓪">(2)</a> <a href="#ref-for-credential②①">(3)</a> <a href="#ref-for-credential②②">(4)</a> <a href="#ref-for-credential②③">(5)</a>
-    <li><a href="#ref-for-credential②④">2.3.1. The CredentialRequestOptions Dictionary</a> <a href="#ref-for-credential②⑤">(2)</a>
-    <li><a href="#ref-for-credential②⑥">2.4. The CredentialCreationOptions Dictionary</a>
-    <li><a href="#ref-for-credential②⑦">2.5.1. Request a Credential</a> <a href="#ref-for-credential②⑧">(2)</a> <a href="#ref-for-credential②⑨">(3)</a>
-    <li><a href="#ref-for-credential③⓪">2.5.2. Collect Credentials from the credential store</a> <a href="#ref-for-credential③①">(2)</a>
-    <li><a href="#ref-for-credential③②">2.5.3. Store a Credential</a>
-    <li><a href="#ref-for-credential③③">2.5.4. Create a Credential</a> <a href="#ref-for-credential③④">(2)</a>
-    <li><a href="#ref-for-credential③⑤">3.2. The PasswordCredential Interface</a> <a href="#ref-for-credential③⑥">(2)</a>
-    <li><a href="#ref-for-credential③⑦">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-credential③⑧">(2)</a>
-    <li><a href="#ref-for-credential③⑨">4.1. The FederatedCredential Interface</a> <a href="#ref-for-credential④⓪">(2)</a>
-    <li><a href="#ref-for-credential④①">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-credential④②">(2)</a>
-    <li><a href="#ref-for-credential④③">5.3. Credential Selection</a> <a href="#ref-for-credential④④">(2)</a> <a href="#ref-for-credential④⑤">(3)</a> <a href="#ref-for-credential④⑥">(4)</a> <a href="#ref-for-credential④⑦">(5)</a>
-    <li><a href="#ref-for-credential④⑧">6.1. Cross-domain credential access</a>
-    <li><a href="#ref-for-credential④⑨">6.7. Chooser Leakage</a> <a href="#ref-for-credential⑤⓪">(2)</a> <a href="#ref-for-credential⑤①">(3)</a>
-    <li><a href="#ref-for-credential⑤②">7.1. Website Authors</a>
-    <li><a href="#ref-for-credential⑤③">7.2. Extension Points</a> <a href="#ref-for-credential⑤④">(2)</a> <a href="#ref-for-credential⑤⑤">(3)</a> <a href="#ref-for-credential⑤⑥">(4)</a>
+    <li><a href="#ref-for-credential⑦">2.2.1. Credential Internal Methods</a> <a href="#ref-for-credential⑧">(2)</a> <a href="#ref-for-credential⑨">(3)</a> <a href="#ref-for-credential①⓪">(4)</a>
+    <li><a href="#ref-for-credential①①">2.2.1.1. [[CollectFromCredentialStore]] internal method</a> <a href="#ref-for-credential①②">(2)</a> <a href="#ref-for-credential①③">(3)</a>
+    <li><a href="#ref-for-credential①④">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a> <a href="#ref-for-credential①⑤">(2)</a> <a href="#ref-for-credential①⑥">(3)</a>
+    <li><a href="#ref-for-credential①⑦">2.2.1.3. [[Store]] internal method</a> <a href="#ref-for-credential①⑧">(2)</a> <a href="#ref-for-credential①⑨">(3)</a>
+    <li><a href="#ref-for-credential②⓪">2.2.1.4. [[Create]] internal method</a> <a href="#ref-for-credential②①">(2)</a> <a href="#ref-for-credential②②">(3)</a> <a href="#ref-for-credential②③">(4)</a>
+    <li><a href="#ref-for-credential②④">2.2.2. CredentialUserData Mixin</a>
+    <li><a href="#ref-for-credential②⑤">2.3. navigator.credentials</a> <a href="#ref-for-credential②⑥">(2)</a> <a href="#ref-for-credential②⑦">(3)</a> <a href="#ref-for-credential②⑧">(4)</a> <a href="#ref-for-credential②⑨">(5)</a>
+    <li><a href="#ref-for-credential③⓪">2.3.1. The CredentialRequestOptions Dictionary</a> <a href="#ref-for-credential③①">(2)</a>
+    <li><a href="#ref-for-credential③②">2.4. The CredentialCreationOptions Dictionary</a>
+    <li><a href="#ref-for-credential③③">2.5.1. Request a Credential</a> <a href="#ref-for-credential③④">(2)</a> <a href="#ref-for-credential③⑤">(3)</a>
+    <li><a href="#ref-for-credential③⑥">2.5.2. Collect Credentials from the credential store</a> <a href="#ref-for-credential③⑦">(2)</a>
+    <li><a href="#ref-for-credential③⑧">2.5.3. Store a Credential</a>
+    <li><a href="#ref-for-credential③⑨">2.5.4. Create a Credential</a> <a href="#ref-for-credential④⓪">(2)</a> <a href="#ref-for-credential④①">(3)</a>
+    <li><a href="#ref-for-credential④②">3.2. The PasswordCredential Interface</a> <a href="#ref-for-credential④③">(2)</a>
+    <li><a href="#ref-for-credential④④">3.3.1. 
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-credential④⑤">(2)</a>
+    <li><a href="#ref-for-credential④⑥">4.1. The FederatedCredential Interface</a> <a href="#ref-for-credential④⑦">(2)</a>
+    <li><a href="#ref-for-credential④⑧">4.2.1. 
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-credential④⑨">(2)</a>
+    <li><a href="#ref-for-credential⑤⓪">5.3. Credential Selection</a> <a href="#ref-for-credential⑤①">(2)</a> <a href="#ref-for-credential⑤②">(3)</a> <a href="#ref-for-credential⑤③">(4)</a> <a href="#ref-for-credential⑤④">(5)</a>
+    <li><a href="#ref-for-credential⑤⑤">6.1. Cross-domain credential access</a>
+    <li><a href="#ref-for-credential⑤⑥">6.7. Chooser Leakage</a> <a href="#ref-for-credential⑤⑦">(2)</a> <a href="#ref-for-credential⑤⑧">(3)</a>
+    <li><a href="#ref-for-credential⑤⑨">7.1. Website Authors</a>
+    <li><a href="#ref-for-credential⑥⓪">7.2. Extension Points</a> <a href="#ref-for-credential⑥①">(2)</a> <a href="#ref-for-credential⑥②">(3)</a> <a href="#ref-for-credential⑥③">(4)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-credential-id">
@@ -4626,6 +4728,13 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-dom-credential-type-slot⑤">7.2. Extension Points</a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="credential-credential-type">
+   <b><a href="#credential-credential-type">#credential-credential-type</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-credential-credential-type">2.2. The Credential Interface</a>
+    <li><a href="#ref-for-credential-credential-type①">2.2.1.4. [[Create]] internal method</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="dom-credential-discovery-slot">
    <b><a href="#dom-credential-discovery-slot">#dom-credential-discovery-slot</a></b><b>Referenced in:</b>
    <ul>
@@ -4655,13 +4764,13 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <b><a href="#dom-credential-origin-slot">#dom-credential-origin-slot</a></b><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dom-credential-origin-slot">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dom-credential-origin-slot①">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credential-origin-slot②">(2)</a> <a href="#ref-for-dom-credential-origin-slot③">(3)</a> <a href="#ref-for-dom-credential-origin-slot④">(4)</a>
     <li><a href="#ref-for-dom-credential-origin-slot⑤">3.3.5. 
     Create a PasswordCredential from PasswordCredentialData </a>
     <li><a href="#ref-for-dom-credential-origin-slot⑥">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dom-credential-origin-slot⑦">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credential-origin-slot⑧">(2)</a> <a href="#ref-for-dom-credential-origin-slot⑨">(3)</a> <a href="#ref-for-dom-credential-origin-slot①⓪">(4)</a>
     <li><a href="#ref-for-dom-credential-origin-slot①①">4.2.4. 
@@ -4672,35 +4781,39 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dom-credential-collectfromcredentialstore-slot">
    <b><a href="#dom-credential-collectfromcredentialstore-slot">#dom-credential-collectfromcredentialstore-slot</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot">2.5.2. Collect Credentials from the credential store</a>
-    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot①">6.4. Origin Confusion</a>
-    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot②">7.2. Extension Points</a> <a href="#ref-for-dom-credential-collectfromcredentialstore-slot③">(2)</a>
+    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot">2.2.1.1. [[CollectFromCredentialStore]] internal method</a>
+    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot①">2.5.2. Collect Credentials from the credential store</a>
+    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot②">6.4. Origin Confusion</a>
+    <li><a href="#ref-for-dom-credential-collectfromcredentialstore-slot③">7.2. Extension Points</a> <a href="#ref-for-dom-credential-collectfromcredentialstore-slot④">(2)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-credential-discoverfromexternalsource-slot">
    <b><a href="#dom-credential-discoverfromexternalsource-slot">#dom-credential-discoverfromexternalsource-slot</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot">2.5.1. Request a Credential</a>
-    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot①">3.2. The PasswordCredential Interface</a>
-    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot②">4.1. The FederatedCredential Interface</a>
-    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot③">6.4. Origin Confusion</a>
-    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot④">7.2. Extension Points</a> <a href="#ref-for-dom-credential-discoverfromexternalsource-slot⑤">(2)</a>
+    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
+    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot①">2.5.1. Request a Credential</a>
+    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot②">3.2. The PasswordCredential Interface</a>
+    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot③">4.1. The FederatedCredential Interface</a>
+    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot④">6.4. Origin Confusion</a>
+    <li><a href="#ref-for-dom-credential-discoverfromexternalsource-slot⑤">7.2. Extension Points</a> <a href="#ref-for-dom-credential-discoverfromexternalsource-slot⑥">(2)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-credential-store-slot">
    <b><a href="#dom-credential-store-slot">#dom-credential-store-slot</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dom-credential-store-slot">2.5.3. Store a Credential</a>
-    <li><a href="#ref-for-dom-credential-store-slot①">6.4. Origin Confusion</a>
-    <li><a href="#ref-for-dom-credential-store-slot②">7.2. Extension Points</a>
+    <li><a href="#ref-for-dom-credential-store-slot">2.2.1.3. [[Store]] internal method</a>
+    <li><a href="#ref-for-dom-credential-store-slot①">2.5.3. Store a Credential</a>
+    <li><a href="#ref-for-dom-credential-store-slot②">6.4. Origin Confusion</a>
+    <li><a href="#ref-for-dom-credential-store-slot③">7.2. Extension Points</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-credential-create-slot">
    <b><a href="#dom-credential-create-slot">#dom-credential-create-slot</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dom-credential-create-slot">2.5.4. Create a Credential</a>
-    <li><a href="#ref-for-dom-credential-create-slot①">6.4. Origin Confusion</a>
-    <li><a href="#ref-for-dom-credential-create-slot②">7.2. Extension Points</a>
+    <li><a href="#ref-for-dom-credential-create-slot">2.2.1.4. [[Create]] internal method</a>
+    <li><a href="#ref-for-dom-credential-create-slot①">2.5.4. Create a Credential</a>
+    <li><a href="#ref-for-dom-credential-create-slot②">6.4. Origin Confusion</a>
+    <li><a href="#ref-for-dom-credential-create-slot③">7.2. Extension Points</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="credentialuserdata">
@@ -4845,19 +4958,20 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dictdef-credentialrequestoptions">
    <b><a href="#dictdef-credentialrequestoptions">#dictdef-credentialrequestoptions</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dictdef-credentialrequestoptions">2.2.1. Credential Internal Methods</a> <a href="#ref-for-dictdef-credentialrequestoptions①">(2)</a>
+    <li><a href="#ref-for-dictdef-credentialrequestoptions">2.2.1.1. [[CollectFromCredentialStore]] internal method</a>
+    <li><a href="#ref-for-dictdef-credentialrequestoptions①">2.2.1.2. [[DiscoverFromExternalSource]] internal method</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions②">2.3. navigator.credentials</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions③">2.3.1. The CredentialRequestOptions Dictionary</a> <a href="#ref-for-dictdef-credentialrequestoptions④">(2)</a> <a href="#ref-for-dictdef-credentialrequestoptions⑤">(3)</a> <a href="#ref-for-dictdef-credentialrequestoptions⑥">(4)</a> <a href="#ref-for-dictdef-credentialrequestoptions⑦">(5)</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions⑧">2.5.1. Request a Credential</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions⑨">2.5.2. Collect Credentials from the credential store</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①⓪">3.2. The PasswordCredential Interface</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①①">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①②">3.3.6. 
     CredentialRequestOptions Matching for PasswordCredential </a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①③">4.1. The FederatedCredential Interface</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①④">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①⑤">5.3. Credential Selection</a>
     <li><a href="#ref-for-dictdef-credentialrequestoptions①⑥">7.2. Extension Points</a>
    </ul>
@@ -4930,16 +5044,16 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dictdef-credentialcreationoptions">
    <b><a href="#dictdef-credentialcreationoptions">#dictdef-credentialcreationoptions</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dictdef-credentialcreationoptions">2.2.1. Credential Internal Methods</a>
+    <li><a href="#ref-for-dictdef-credentialcreationoptions">2.2.1.4. [[Create]] internal method</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions①">2.3. navigator.credentials</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions②">2.4. The CredentialCreationOptions Dictionary</a> <a href="#ref-for-dictdef-credentialcreationoptions③">(2)</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions④">2.5.4. Create a Credential</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions⑤">3.2. The PasswordCredential Interface</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions⑥">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dictdef-credentialcreationoptions⑦">(2)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dictdef-credentialcreationoptions⑦">(2)</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions⑧">4.1. The FederatedCredential Interface</a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions⑨">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dictdef-credentialcreationoptions①⓪">7.2. Extension Points</a>
    </ul>
   </aside>
@@ -4989,9 +5103,9 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-passwordcredential④">3.1.3. Change Password</a> <a href="#ref-for-passwordcredential⑤">(2)</a>
     <li><a href="#ref-for-passwordcredential⑥">3.2. The PasswordCredential Interface</a> <a href="#ref-for-passwordcredential⑦">(2)</a> <a href="#ref-for-passwordcredential⑧">(3)</a> <a href="#ref-for-passwordcredential⑨">(4)</a> <a href="#ref-for-passwordcredential①⓪">(5)</a> <a href="#ref-for-passwordcredential①①">(6)</a>
     <li><a href="#ref-for-passwordcredential①②">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-passwordcredential①③">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-passwordcredential①④">(2)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-passwordcredential①④">(2)</a>
     <li><a href="#ref-for-passwordcredential①⑤">3.3.3. 
     PasswordCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-passwordcredential①⑥">(2)</a> <a href="#ref-for-passwordcredential①⑦">(3)</a>
     <li><a href="#ref-for-passwordcredential①⑧">3.3.4. 
@@ -5008,7 +5122,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-dom-credentialrequestoptions-password">3.1.1. Password-based Sign-in</a> <a href="#ref-for-dom-credentialrequestoptions-password①">(2)</a>
     <li><a href="#ref-for-dom-credentialrequestoptions-password②">3.3.1. 
-    PasswordCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialrequestoptions-password③">(2)</a>
+    PasswordCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialrequestoptions-password③">(2)</a>
     <li><a href="#ref-for-dom-credentialrequestoptions-password④">3.3.6. 
     CredentialRequestOptions Matching for PasswordCredential </a>
    </ul>
@@ -5048,7 +5162,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-dictdef-passwordcredentialdata">3.2. The PasswordCredential Interface</a> <a href="#ref-for-dictdef-passwordcredentialdata①">(2)</a> <a href="#ref-for-dictdef-passwordcredentialdata②">(3)</a> <a href="#ref-for-dictdef-passwordcredentialdata③">(4)</a>
     <li><a href="#ref-for-dictdef-passwordcredentialdata④">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dictdef-passwordcredentialdata⑤">(2)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dictdef-passwordcredentialdata⑤">(2)</a>
     <li><a href="#ref-for-dictdef-passwordcredentialdata⑥">3.3.4. 
     Create a PasswordCredential from an HTMLFormElement </a>
     <li><a href="#ref-for-dictdef-passwordcredentialdata⑦">3.3.5. 
@@ -5069,6 +5183,15 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     Create a PasswordCredential from PasswordCredentialData </a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="dom-passwordcredentialdata-origin">
+   <b><a href="#dom-passwordcredentialdata-origin">#dom-passwordcredentialdata-origin</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-passwordcredentialdata-origin">3.3.4. 
+    Create a PasswordCredential from an HTMLFormElement </a>
+    <li><a href="#ref-for-dom-passwordcredentialdata-origin①">3.3.5. 
+    Create a PasswordCredential from PasswordCredentialData </a> <a href="#ref-for-dom-passwordcredentialdata-origin②">(2)</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="dom-passwordcredentialdata-password">
    <b><a href="#dom-passwordcredentialdata-password">#dom-passwordcredentialdata-password</a></b><b>Referenced in:</b>
    <ul>
@@ -5088,7 +5211,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <b><a href="#dom-credentialcreationoptions-password">#dom-credentialcreationoptions-password</a></b><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dom-credentialcreationoptions-password">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialcreationoptions-password①">(2)</a> <a href="#ref-for-dom-credentialcreationoptions-password②">(3)</a> <a href="#ref-for-dom-credentialcreationoptions-password③">(4)</a> <a href="#ref-for-dom-credentialcreationoptions-password④">(5)</a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialcreationoptions-password①">(2)</a> <a href="#ref-for-dom-credentialcreationoptions-password②">(3)</a> <a href="#ref-for-dom-credentialcreationoptions-password③">(4)</a> <a href="#ref-for-dom-credentialcreationoptions-password④">(5)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-passwordcredential-collectfromcredentialstore-slot">
@@ -5115,7 +5238,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-abstract-opdef-create-a-passwordcredential-from-an-htmlformelement">3.2. The PasswordCredential Interface</a>
     <li><a href="#ref-for-abstract-opdef-create-a-passwordcredential-from-an-htmlformelement①">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata">
@@ -5123,7 +5246,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata">3.2. The PasswordCredential Interface</a>
     <li><a href="#ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata①">3.3.2. 
-    PasswordCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    PasswordCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata②">3.3.4. 
     Create a PasswordCredential from an HTMLFormElement </a>
    </ul>
@@ -5135,9 +5258,9 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-federatedcredential①">4.1. The FederatedCredential Interface</a> <a href="#ref-for-federatedcredential②">(2)</a> <a href="#ref-for-federatedcredential③">(3)</a> <a href="#ref-for-federatedcredential④">(4)</a> <a href="#ref-for-federatedcredential⑤">(5)</a> <a href="#ref-for-federatedcredential⑥">(6)</a>
     <li><a href="#ref-for-federatedcredential⑦">4.1.1. Identifying Providers</a>
     <li><a href="#ref-for-federatedcredential⑧">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-federatedcredential⑨">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-federatedcredential①⓪">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-federatedcredential①①">(2)</a> <a href="#ref-for-federatedcredential①②">(3)</a>
     <li><a href="#ref-for-federatedcredential①③">4.2.4. 
@@ -5157,21 +5280,21 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-dom-federatedcredentialrequestoptions-providers">4.1.1. Identifying Providers</a>
     <li><a href="#ref-for-dom-federatedcredentialrequestoptions-providers①">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-federatedcredentialrequestoptions-protocols">
    <b><a href="#dom-federatedcredentialrequestoptions-protocols">#dom-federatedcredentialrequestoptions-protocols</a></b><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dom-federatedcredentialrequestoptions-protocols">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-credentialrequestoptions-federated">
    <b><a href="#dom-credentialrequestoptions-federated">#dom-credentialrequestoptions-federated</a></b><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dom-credentialrequestoptions-federated">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialrequestoptions-federated①">(2)</a> <a href="#ref-for-dom-credentialrequestoptions-federated②">(3)</a> <a href="#ref-for-dom-credentialrequestoptions-federated③">(4)</a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialrequestoptions-federated①">(2)</a> <a href="#ref-for-dom-credentialrequestoptions-federated②">(3)</a> <a href="#ref-for-dom-credentialrequestoptions-federated③">(4)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-federatedcredential-provider">
@@ -5180,7 +5303,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-dom-federatedcredential-provider">4.1. The FederatedCredential Interface</a> <a href="#ref-for-dom-federatedcredential-provider①">(2)</a>
     <li><a href="#ref-for-dom-federatedcredential-provider②">4.1.1. Identifying Providers</a>
     <li><a href="#ref-for-dom-federatedcredential-provider③">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dom-federatedcredential-provider④">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-dom-federatedcredential-provider⑤">(2)</a> <a href="#ref-for-dom-federatedcredential-provider⑥">(3)</a> <a href="#ref-for-dom-federatedcredential-provider⑦">(4)</a>
     <li><a href="#ref-for-dom-federatedcredential-provider⑧">4.2.4. 
@@ -5192,7 +5315,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-dom-federatedcredential-protocol">4.1. The FederatedCredential Interface</a>
     <li><a href="#ref-for-dom-federatedcredential-protocol①">4.2.1. 
-    FederatedCredential's [[CollectFromCredentialStore]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors) </a>
     <li><a href="#ref-for-dom-federatedcredential-protocol②">4.2.3. 
     FederatedCredential's [[Store]](credential, sameOriginWithAncestors) </a> <a href="#ref-for-dom-federatedcredential-protocol③">(2)</a>
    </ul>
@@ -5211,6 +5334,15 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     Create a FederatedCredential from FederatedCredentialInit </a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="dom-federatedcredentialinit-origin">
+   <b><a href="#dom-federatedcredentialinit-origin">#dom-federatedcredentialinit-origin</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-federatedcredentialinit-origin">4.2.2. 
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
+    <li><a href="#ref-for-dom-federatedcredentialinit-origin①">4.2.4. 
+    Create a FederatedCredential from FederatedCredentialInit </a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="dom-federatedcredentialinit-provider">
    <b><a href="#dom-federatedcredentialinit-provider">#dom-federatedcredentialinit-provider</a></b><b>Referenced in:</b>
    <ul>
@@ -5222,7 +5354,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <b><a href="#dom-credentialcreationoptions-federated">#dom-credentialcreationoptions-federated</a></b><b>Referenced in:</b>
    <ul>
     <li><a href="#ref-for-dom-credentialcreationoptions-federated">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialcreationoptions-federated①">(2)</a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a> <a href="#ref-for-dom-credentialcreationoptions-federated①">(2)</a> <a href="#ref-for-dom-credentialcreationoptions-federated②">(3)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dom-federatedcredential-collectfromcredentialstore-slot">
@@ -5248,7 +5380,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
    <ul>
     <li><a href="#ref-for-abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit">4.1. The FederatedCredential Interface</a>
     <li><a href="#ref-for-abstract-opdef-create-a-federatedcredential-from-federatedcredentialinit①">4.2.2. 
-    FederatedCredential's [[Create]](options, sameOriginWithAncestors) </a>
+    FederatedCredential's [[Create]](origin, options, sameOriginWithAncestors) </a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="user-mediated">
diff --git a/index.src.html b/index.src.html
index 05bad7d..1481a34 100644
--- a/index.src.html
+++ b/index.src.html
@@ -18,10 +18,12 @@ <h1>Credential Management Level 1</h1>
 !Participate: <a href="https://github.com/w3c/webappsec-credential-management/issues/new">File an issue</a> (<a href="https://github.com/w3c/webappsec-credential-management/issues">open issues</a>)
 Markup Shorthands: css off, markdown on
 </pre>
+
 <pre class="anchors">
 spec: ECMA262; urlPrefix: https://tc39.github.io/ecma262/
   type: dfn
     text: JavaScript realm; url: sec-code-realms
+    text: internal method; url: sec-ordinary-object-internal-methods-and-internal-slots
 spec: HTML; urlPrefix: https://html.spec.whatwg.org/multipage/
   urlPrefix: forms.html
     type: element-attr
@@ -51,12 +53,17 @@ <h1>Credential Management Level 1</h1>
     text: public suffix; url: #
 spec: FETCH; urlPrefix: https://fetch.spec.whatwg.org/
   type: dfn
-    text: http-network-or-cache fetch; url: http-network-or-cache-fetch 
+    text: http-network-or-cache fetch; url: http-network-or-cache-fetch
 </pre>
+
 <pre class="link-defaults">
 spec:html; type:dfn; for:/; text:origin
+spec:html; type:dfn; for:environment settings object; text:global object
 spec:fetch; type:dfn; for:/; text:request
 spec:fetch; type:dictionary; for:/; text:RequestInit
+spec:infra; type:dfn; for:/; text:set
+spec:infra; type:dfn; for:struct; text:item
+spec:webidl; type:idl; for:/; text:Function
 spec:webidl; type:interface; text:Promise
 spec:promises-guide-1; type:dfn; text:resolve
 
@@ -66,6 +73,9 @@ <h1>Credential Management Level 1</h1>
 spec:html; type:dfn; text:autofill detail tokens
 spec:url; type:dfn; text:urlencoded byte serializer
 </pre>
+<pre class='ignored-specs'>
+spec:css-syntax-3;
+</pre>
 <pre class="biblio">
 {
   "WEB-LOGIN": {
@@ -268,11 +278,11 @@ <h1>Credential Management Level 1</h1>
 
     :   <dfn attribute>type</dfn>
     ::  This attribute's getter returns the value of the object's [=interface object=]'s
-        {{[[type]]}} slot, which specifies the kind of credential represented by this object.
+        {{[[type]]}} slot, which specifies the [=credential type=] represented by this object.
 
     :   <dfn attribute>\[[type]]</dfn>
     ::  The {{Credential}} [=interface object=] has an internal slot named `[[type]]`, which
-        unsurprisingly contains a string representing the type of the credential. The slot's value
+        unsurprisingly contains a string representing the <dfn>credential type</dfn>. The slot's value
         is the empty string unless otherwise specified.
 
         Note: The {{[[type]]}} slot's value will be the same for all credentials implementing a
@@ -300,64 +310,86 @@ <h1>Credential Management Level 1</h1>
   for which the {{Credential}} may be [=effective=].
 
   ### `Credential` Internal Methods ### {#credential-internal-methods}
-
-  Each [=interface object=] created for interfaces which [=interface/inherit=] from {{Credential}}
-  defines several internal methods that allow retrieval and storage of {{Credential}} objects:
-
-  <section algorithm="'collect credentials' internal method">
-    <dfn for="Credential" method export>\[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</dfn>
-    is called with a {{CredentialRequestOptions}} and a boolean which is true iff the caller's
-    [=environment settings object=] is [=same-origin with its ancestors=]. The algorithm returns a
-    set of {{Credential}} objects from the user agent's [=credential store=] that match the options
-    provided. If no matching {{Credential}} objects are available, the returned set will be empty.
+  
+  The {{Credential}} [=interface object=] features several [=internal methods=] facilitating 
+  retrieval and storage of {{Credential}} objects, with default "no-op" implementations
+  as specified in this section, below.
+
+  Unless otherwise specified, each [=interface object=] created for interfaces which [=interface/inherit=] 
+  from {{Credential}} MUST provide implementations for at least one of these internal methods, overriding
+  {{Credential}}'s default implementations, as appropriate for the [=credential=] type. E.g.,
+  [[#passwordcredential-interface]], [[#federatedcredential-interface]], and [[WEBAUTHN]].
+
+  <h5 id="algorithm-collect-creds" algorithm>`[[CollectFromCredentialStore]]` internal method</h5>
+    <dfn for="Credential" method export>\[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</dfn>
+    is called with an [=environment settings object/origin=], a {{CredentialRequestOptions}}, and a boolean which
+    is true iff the caller's [=environment settings object=] is [=same-origin with its ancestors=].
+    The algorithm returns a set of {{Credential}} objects from the user agent's [=credential store=] that
+    match the options provided. If no matching {{Credential}} objects are available, the
+    returned set will be empty.
+
+    {{Credential}}'s default implementation of
+    {{Credential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}}:
 
     <ol class="algorithm">
       1.  Return an empty set.
     </ol>
-  </section>
 
-  <section algorithm="'discover credentials' internal method">
-    <dfn for="Credential" method export>\[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)</dfn>
-    is called with a {{CredentialRequestOptions}} object, and a boolean which is true iff the
-    caller's [=environment settings object=] is [=same-origin with its ancestors=]. It returns a
-    {{Credential}} if one can be returned given the options provided, `null` if no credential is
-    available, or an error if discovery fails (for example, incorrect options could produce a
-    {{TypeError}}). If this kind of {{Credential}} is only [=effective=] for a single use or a
-    limited time, this method is responsible for generating new [=credentials=] using a
-    [=credential source=].
+
+  <h5 id="algorithm-discover-creds" algorithm>`[[DiscoverFromExternalSource]]` internal method</h5>
+    <dfn for="Credential" method export>\[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)</dfn>
+    is called [=in parallel=] with an [=environment settings object/origin=], a {{CredentialRequestOptions}} object,
+    and a boolean which is true iff the caller's [=environment settings object=] is
+    [=same-origin with its ancestors=].
+    It returns a {{Credential}} if one can be
+    returned given the options provided, `null` if no credential is available, or an error if
+    discovery fails (for example, incorrect options could produce a {{TypeError}}). If this
+    kind of {{Credential}} is only [=effective=] for a single use or a limited time, this
+    method is responsible for generating new [=credentials=] using a [=credential source=].
+
+    {{Credential}}'s default implementation of
+    {{Credential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}}:
 
     <ol class="algorithm">
       1.  Return `null`.
     </ol>
-  </section>
-  
-  <section algorithm="'store a credential' internal method">
-    <dfn for="Credential" method export>\[[Store]](credential, sameOriginWithAncestors)</dfn> is
-    called with a {{Credential}}, and a boolean which is true iff the caller's [=environment
-    settings object=] is [=same-origin with its ancestors=]. The algorithm returns once
-    {{Credential}} is persisted to the [=credential store=]:
+
+  <h5 id="algorithm-store-cred" algorithm>`[[Store]]` internal method</h5>
+    <dfn for="Credential" method export>\[[Store]](credential, sameOriginWithAncestors)</dfn>
+    is called [=in parallel=] with a {{Credential}}, and a boolean which is true iff the caller's
+    [=environment settings object=] is [=same-origin with its ancestors=].
+    The algorithm returns once {{Credential}} is persisted to the [=credential store=].
+
+    {{Credential}}'s default implementation of {{Credential/[[Store]](credential, sameOriginWithAncestors)}}:
 
     <ol class="algorithm">
       1.  Return `undefined`.
     </ol>
-  </section>
 
-  <section algorithm="'create a credential' internal method">
-    <dfn for="Credential" method export>\[[Create]](options, sameOriginWithAncestors)</dfn> is
-    called with a {{CredentialCreationOptions}}, and a boolean which is true iff the caller's
-    [=environment settings object=] is [=same-origin with its ancestors=]. The algorithm returns
-    either a {{Credential}}, if one can be created, `null` if no credential was created, or an
-    error if creation fails due to exceptional situations (for example, incorrect options could
-    produce a {{TypeError}}):
+  <h5 id="algorithm-create-cred" algorithm>`[[Create]]` internal method</h5>
+    <dfn for="Credential" method export>\[[Create]](origin, options, sameOriginWithAncestors)</dfn>
+    is called [=in parallel=] with an [=environment settings object/origin=], a {{CredentialCreationOptions}},
+    and a boolean which is true iff the caller's
+    [=environment settings object=] is [=same-origin with its ancestors=].
+    The algorithm either:
 
-    <ol class="algorithm">
+    * creates a {{Credential}}, or
+    * does not create a credential and returns `null`, or
+    * returns an error if creation fails due to exceptional situations
+        (for example, incorrect options could produce a {{TypeError}}).
+
+    When creating a {{Credential}}, it will return an algorithm that takes a [=global object=]
+        and returns an [=interface object=]
+        inheriting from {{Credential}}. This algorithm MUST be invoked from a [=task=].
+
+    Note: This algorithm's steps are defined on a per-[=credential type=] basis.
+
+    {{Credential}}'s default implementation of {{Credential/[[Create]](origin, options, sameOriginWithAncestors)}}:
+
+     <ol class="algorithm">
       1.  Return `null`.
     </ol>
-  </section>
 
-  Unless otherwise specified, the [=interface objects=] for [=interfaces=] which [=interface/inherit=] from
-  {{Credential}} will alias {{Credential}}'s implementation of these three internal methods. Since that
-  implementation isn't particularly useful, derived interfaces MUST override one or the other.
 
   ### `CredentialUserData` Mixin ### {#credentialuserdata-mixin}
 
@@ -426,7 +458,7 @@ <h1>Credential Management Level 1</h1>
 
     :   <dfn method lt="store(credential)|store()">store(credential)</dfn>
     ::  When {{CredentialsContainer/store()}} is called, the user agent MUST return the result of
-        executing <a abstract-op>Store a `Credential`</a> on 
+        executing <a abstract-op>Store a `Credential`</a> on
         {{CredentialsContainer/store(credential)/credential}}.
 
         <pre class="argumentdef" for="CredentialsContainer/store(credential)">
@@ -441,7 +473,7 @@ <h1>Credential Management Level 1</h1>
         <pre class="argumentdef" for="CredentialsContainer/create(options)">
           options: The options used to create a `Credential`.
         </pre>
-    
+
     :   <dfn method>preventSilentAccess()</dfn>
     ::  When {{CredentialsContainer/preventSilentAccess()}} is called, the user agent MUST return
         the result of executing <a abstract-op>Prevent Silent Access</a> on the <a>current settings
@@ -727,13 +759,15 @@ <h4 id="algorithm-request" algorithm>Request a `Credential`</h4>
 
     4.  Let |p| be [=a new promise=].
 
-    5.  Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its
+    5.  Let |origin| be the [=current settings object=]'s [=environment settings object/origin=].
+
+    6.  Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its
         ancestors=], and `false` otherwise.
-   
-    6.  Run the following steps [=in parallel=]: 
+
+    7.  Run the following steps [=in parallel=]:
 
         1.  Let |credentials| be the result of <a abstract-op lt="collect local">collecting
-            `Credential`s from the credential store</a>, given |options| and
+            `Credential`s from the credential store</a>, given |origin|, |options|, and
             |sameOriginWithAncestors|.
 
         2.  If |credentials| is an [=exception=], [=reject=] |p| with |credentials|.
@@ -743,8 +777,7 @@ <h4 id="algorithm-request" algorithm>Request a `Credential`</h4>
 
             1.  |credentials|' [=set/size=] is 1
 
-            2.  |settings|' [=environment settings object/origin=] does not
-                [=origin/requires user mediation|require user mediation=]
+            2.  |origin| does not [=origin/requires user mediation|require user mediation=]
 
             3.  |options| is <a>matchable <i lang="la">a priori</i></a>.
 
@@ -768,8 +801,8 @@ <h4 id="algorithm-request" algorithm>Request a `Credential`</h4>
         7.  Assert: |choice| is an [=interface object=].
 
         8.  Let |result| be the result of executing |choice|'s
-            {{[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}}, given |options|
-            and |sameOriginWithAncestors|.
+            {{[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}},
+            given |origin|, |options|, and |sameOriginWithAncestors|.
 
         9.  If |result| is a {{Credential}} or `null`, resolve |p| with |result|.
 
@@ -780,7 +813,8 @@ <h4 id="algorithm-request" algorithm>Request a `Credential`</h4>
 
   <h4 id="algorithm-collect-known" algorithm>Collect `Credential`s from the credential store</h4>
 
-  Given a {{CredentialRequestOptions}} (|options|) and a boolean which is `true` iff the calling
+  Given an [=environment settings object/origin=] (|origin|),
+  a {{CredentialRequestOptions}} (|options|), and a boolean which is `true` iff the calling
   context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|), the user agent may
   <dfn abstract-op local-lt="collect local">collect `Credential`s from the credential store</dfn>,
   returning a set of {{Credential}} objects stored by the user agent locally that match |options|'
@@ -792,15 +826,15 @@ <h4 id="algorithm-collect-known" algorithm>Collect `Credential`s from the creden
     2.  For each |interface| in |options|' <a>relevant credential interface objects</a>:
 
         1.  Let |r| be the result of executing |interface|'s
-            {{Credential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}} internal
-            method on |options| and |sameOriginWithAncestors|.
+            {{Credential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}} internal method on
+            |origin|, |options|, and |sameOriginWithAncestors|.
 
         2.  If |r| is an [=exception=], return |r|.
 
         3.  Assert: |r| is a list of [=interface objects=].
 
         4.  For each |c| in |r|:
-       
+
             1.  <a for="set">Append</a> |c| to |possible matches|.
 
     3.  Return |possible matches|.
@@ -844,16 +878,18 @@ <h4 id="algorithm-create" algorithm>Create a `Credential`</h4>
   circumstances, the {{Promise}} may reject with an appropriate exception:
 
   <ol class="algorithm">
-    1.  Let |settings| be the <a>current settings object</a>
+    1.  Let |settings| be the <a>current settings object</a>.
 
     2.  Assert: |settings| is a [=secure context=].
 
-    3.  Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin
+    3.  Let |global| be |settings|' [=environment settings object/global object=].
+
+    4.  Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin
         with its ancestors=], and `false` otherwise.
 
-    4.  Let |interfaces| be the set of |options|' <a>relevant credential interface objects</a>.
+    5.  Let |interfaces| be the [=set=] of |options|' <a>relevant credential interface objects</a>.
 
-    5.  Return [=a promise rejected with=] `NotSupportedError` if any of the following statements
+    6.  Return [=a promise rejected with=] `NotSupportedError` if any of the following statements
         are true:
 
         1.  |settings| does not have a [=environment settings object/responsible document=].
@@ -865,22 +901,30 @@ <h4 id="algorithm-create" algorithm>Create a `Credential`</h4>
             types in order to support a "sign-up" use case. For the moment, though, we're punting
             on that by restricting the dictionary to a single entry.
 
-    6.  If <code>|options|.{{CredentialCreationOptions/signal}}</code>'s [=AbortSignal/aborted
+    7.  If <code>|options|.{{CredentialCreationOptions/signal}}</code>'s [=AbortSignal/aborted
         flag=] is set, then return [=a promise rejected with=] an "{{AbortError}}" {{DOMException}}.
 
-    7.  Let |p| be [=a new promise=].
+    8.  Let |p| be [=a new promise=].
 
-    8.  Run the following steps [=in parallel=]:
+    9.  Let |origin| be |settings|'s [=environment settings object/origin=].
 
-        1.  Let |r| be the result of executing |interfaces|[0]
-            {{Credential/[[Create]](options, sameOriginWithAncestors)}} internal method on |options|
-            and |sameOriginWithAncestors|.
+    10.  Run the following steps [=in parallel=]:
 
-        2.  If |r| is an [=exception=], [=reject=] |p| with |r|.
+        1.  Let |r| be the result of executing |interfaces|[0]'s
+            {{Credential/[[Create]](origin, options, sameOriginWithAncestors)}} internal method on
+            |origin|, |options|, and |sameOriginWithAncestors|.
 
-            Otherwise, [=resolve=] |p| with |r|.
+        2.  If |r| is an [=exception=], [=reject=] |p| with |r|, and terminate these substeps.
+
+        3.  If |r| is a {{Credential}} or `null`, [=resolve=] |p| with |r|, and terminate these substeps.
+
+        4.  Assert: |r| is a algorithm (as defined in [[#algorithm-create-cred]]).
+
+        5.  [=Queue a task=] on |global|'s [=DOM manipulation task source=] to run the following substeps:
 
-    9.  Return |p|.
+            1. [=Resolve=] |p| with the result of [=promise-calling=] |r| given |global|.
+
+    11.  Return |p|.
   </ol>
 
   <h4 id="algorithm-prevent-silent-access" algorithm>Prevent Silent Access</h4>
@@ -902,6 +946,8 @@ <h4 id="algorithm-prevent-silent-access" algorithm>Prevent Silent Access</h4>
 
     4.  Retun |p|.
   </ol>
+
+
 </section>
 
 <!--
@@ -1135,10 +1181,12 @@ <h4 id="algorithm-prevent-silent-access" algorithm>Prevent Silent Access</h4>
     :   <dfn constructor>PasswordCredential(form)</dfn>
     ::  This constructor accepts an {{HTMLFormElement}} (|form|), and runs the following steps:
 
-        1.  Let |r| be the result of executing <a abstract-op>Create a `PasswordCredential` from
-            an `HTMLFormElement`</a> on |form|.
+        1.  Let |origin| be the [=current settings object=]'s [=environment settings object/origin=].
 
-        2.  If |r| is an [=exception=], [=throw=] |r|.
+        2.  Let |r| be the result of executing <a abstract-op>Create a `PasswordCredential` from
+            an `HTMLFormElement`</a> given |form| and |origin|.
+
+        3.  If |r| is an [=exception=], [=throw=] |r|.
 
             Otherwise, return |r|.
 
@@ -1162,6 +1210,7 @@ <h4 id="algorithm-prevent-silent-access" algorithm>Prevent Silent Access</h4>
     dictionary PasswordCredentialData : CredentialData {
       USVString name;
       USVString iconURL;
+      required USVString origin;
       required USVString password;
     };
 
@@ -1175,23 +1224,24 @@ <h4 id="algorithm-prevent-silent-access" algorithm>Prevent Silent Access</h4>
   {{PasswordCredential}} objects are [=Credential/origin bound=].
 
   {{PasswordCredential}}'s [=interface object=] inherits {{Credential}}'s implementation of
-  {{Credential/[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}}, and defines its
-  own implementation of
-  {{PasswordCredential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}},
-  {{PasswordCredential/[[Create]](options, sameOriginWithAncestors)}}, and
+  {{Credential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}}, and defines
+  its own implementation of
+  {{PasswordCredential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}},
+  {{PasswordCredential/[[Create]](origin, options, sameOriginWithAncestors)}}, and
   {{PasswordCredential/[[Store]](credential, sameOriginWithAncestors)}}.
 
   ## Algorithms ## {#passwordcredential-algorithms}
 
   <h4 algorithm id="collectfromcredentialstore-passwordcredential">
-    `PasswordCredential`'s `[[CollectFromCredentialStore]](options, sameOriginWithAncestors)`
+    `PasswordCredential`'s `[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)`
   </h4>
 
-  <dfn for="PasswordCredential" method>\[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</dfn>
-  is called with a {{CredentialRequestOptions}} (|options|), and a boolean which is `true` iff the
-  calling context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|). The algorithm
-  returns a set of {{Credential}} objects from the [=credential store=]. If no matching
-  {{Credential}} objects are available, or |sameOriginWithAncestors| is `false`, the returned set
+  <dfn for="PasswordCredential" method>\[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</dfn>
+  is called with an [=origin=] (|origin|), a {{CredentialRequestOptions}} (|options|),
+  and a boolean which is `true` iff the calling context is [=same-origin with its ancestors=]
+  (|sameOriginWithAncestors|).
+  The algorithm returns a set of {{Credential}} objects from
+  the [=credential store=]. If no matching {{Credential}} objects are available, the returned set
   will be empty.
 
   The algorithm will return a `NotAllowedError` if |sameOriginWithAncestors| is not `true`.
@@ -1209,20 +1259,20 @@ <h4 algorithm id="collectfromcredentialstore-passwordcredential">
         credentials from the [=credential store=] that match the following filter:
 
         1.  The credential is a {{PasswordCredential}}
-        2.  The credential's {{Credential/[[origin]]}} is the [=same origin=] as the
-            [=current settings object=]'s [=environment settings object/origin=].
+        2.  The credential's {{Credential/[[origin]]}} is the [=same origin=] as |origin|.
   </ol>
 
   <h4 algorithm id="create-passwordcredential">
-    `PasswordCredential`'s `[[Create]](options, sameOriginWithAncestors)`
+    `PasswordCredential`'s `[[Create]](origin, options, sameOriginWithAncestors)`
   </h4>
 
-  <dfn for="PasswordCredential" method>\[[Create]](options, sameOriginWithAncestors)</dfn> is called
-  with a {{CredentialCreationOptions}} (|options|), and a boolean which is `true` iff the calling
-  context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|). The algorithm returns a
-  {{PasswordCredential}} if one can be created, and `null` otherwise. The
-  {{CredentialCreationOptions}} dictionary must have a `password` member which holds either an
-  {{HTMLFormElement}} or a {{PasswordCredentialData}}. If that member's value cannot be
+  <dfn for="PasswordCredential" method>\[[Create]](origin, options, sameOriginWithAncestors)</dfn>
+  is called with an [=origin=] (|origin|), a
+  {{CredentialCreationOptions}} (|options|), and a boolean which is `true` iff the calling
+  context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|).
+  The algorithm returns a {{PasswordCredential}} if one can be created,
+  `null` otherwise. The {{CredentialCreationOptions}} dictionary must have a `password` member which
+  holds either an {{HTMLFormElement}} or a {{PasswordCredentialData}}. If that member's value cannot be
   used to create a {{PasswordCredential}}, this algorithm will return a {{TypeError}} [=exception=].
 
   <ol class="algorithm">
@@ -1231,11 +1281,11 @@ <h4 algorithm id="create-passwordcredential">
 
     2.  If |options|["{{CredentialCreationOptions/password}}"] is an {{HTMLFormElement}}, return the
         result of executing <a abstract-op>Create a `PasswordCredential` from an
-        `HTMLFormElement`</a> on |options|["{{CredentialCreationOptions/password}}"].
+        `HTMLFormElement`</a> given |options|["{{CredentialCreationOptions/password}}"] and |origin|.
 
     3.  If |options|["{{CredentialCreationOptions/password}}"] is a {{PasswordCredentialData}}, return
         the result of executing <a abstract-op>Create a `PasswordCredential` from
-        `PasswordCredentialData`</a> on |options|["{{CredentialCreationOptions/password}}"].
+        `PasswordCredentialData`</a> given |options|["{{CredentialCreationOptions/password}}"].
 
     4.  Return a {{TypeError}} [=exception=].
   </ol>
@@ -1300,7 +1350,7 @@ <h4 algorithm id="construct-passwordcredential-form">
   </h4>
 
   To <dfn abstract-op>Create a `PasswordCredential` from an `HTMLFormElement`</dfn>, given an
-  {{HTMLFormElement}} (|form|), run these steps.
+  {{HTMLFormElement}} (|form|) and an [=origin=] (|origin|), run these steps.
   
   Note: [[#examples-post-signin]] and [[#examples-change-password]] provide examples of the intended
   usage.
@@ -1308,14 +1358,16 @@ <h4 algorithm id="construct-passwordcredential-form">
   <ol class="algorithm">
     1.  Let |data| be a new {{PasswordCredentialData}} dictionary.
 
-    2.  Let |formData| be the result of executing the {{FormData}} constructor
+    2.  Set |data|'s {{PasswordCredentialData/origin}} member's value to |origin|'s value.
+
+    3.  Let |formData| be the result of executing the {{FormData}} constructor
         on |form|.
 
-    3.  Let |elements| be a list of all the [=submittable elements=] whose [=form owner=] is |form|, in [=tree order=].
+    4.  Let |elements| be a list of all the [=submittable elements=] whose [=form owner=] is |form|, in [=tree order=].
 
-    4.  Let |newPasswordObserved| be `false`.
+    5.  Let |newPasswordObserved| be `false`.
 
-    5.  For each |field| in |elements|, run the following steps:
+    6.  For each |field| in |elements|, run the following steps:
 
         1.  If |field| does not have an <{input/autocomplete}> attribute, then skip to the next
             |field|.
@@ -1364,14 +1416,14 @@ <h4 algorithm id="construct-passwordcredential-form">
                         result of executing |formData|'s {{FormData/get()}} method
                         on |name|.
 
-    6.  Let |c| be the result of executing <a abstract-op>Create a `PasswordCredential` from
+    7.  Let |c| be the result of executing <a abstract-op>Create a `PasswordCredential` from
         `PasswordCredentialData`</a> on |data|.
      
-    7.  If |c| is an [=exception=], return |c|.
+    8.  If |c| is an [=exception=], return |c|.
 
-    8.  Assert: |c| is a {{PasswordCredential}}.
+    9.  Assert: |c| is a {{PasswordCredential}}.
 
-    9.  Return |c|.
+    10.  Return |c|.
   </ol>
 
   <h4 algorithm id="construct-passwordcredential-data">
@@ -1387,6 +1439,7 @@ <h4 algorithm id="construct-passwordcredential-data">
     2.  If any of the following are the empty string, return a {{TypeError}} [=exception=]:
 
         *   |data|'s {{CredentialData/id}} member's value
+        *   |data|'s {{PasswordCredentialData/origin}} member's value
         *   |data|'s {{PasswordCredentialData/password}} member's value
 
     3.  Set |c|'s properties as follows:
@@ -1400,7 +1453,7 @@ <h4 algorithm id="construct-passwordcredential-data">
         :   {{CredentialUserData/name}}
         ::  |data|'s {{PasswordCredentialData/name}} member's value
         :   {{Credential/[[origin]]}}
-        ::  The [=environment settings object/origin=] of the [=current settings object=].
+        ::  |data|'s {{PasswordCredentialData/origin}} member's value.
 
     4.  Return |c|.
   </ol>
@@ -1489,6 +1542,7 @@ <h4 algorithm id="passwordcredential-matching">
     dictionary FederatedCredentialInit : CredentialData {
       USVString name;
       USVString iconURL;
+      required USVString origin;
       required USVString provider;
       DOMString protocol;
     };
@@ -1501,15 +1555,15 @@ <h4 algorithm id="passwordcredential-matching">
   {{FederatedCredential}} objects are [=Credential/origin bound=].
 
   {{FederatedCredential}}'s [=interface object=] inherits {{Credential}}'s implementation of
-  {{Credential/[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}}, and defines
-  its own implementation of
-  {{FederatedCredential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}},
-  {{FederatedCredential/[[Create]](options, sameOriginWithAncestors)}}, and
+  {{Credential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}},
+  and defines its own implementation of
+  {{FederatedCredential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}},
+  {{FederatedCredential/[[Create]](origin, options, sameOriginWithAncestors)}}, and
   {{FederatedCredential/[[Store]](credential, sameOriginWithAncestors)}}.
 
   Note: If, in the future, we teach the user agent to obtain authentication tokens on a user's
   behalf, we could do so by building an implementation of
-  `[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)`.
+  `[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)`.
 
   ### Identifying Providers ### {#provider-identification}
 
@@ -1534,21 +1588,20 @@ <h4 algorithm id="passwordcredential-matching">
   ## Algorithms ## {#federatedcredential-algorithms}
 
   <h4 algorithm id="collectfromcredentialstore-federatedcredential">
-    `FederatedCredential`'s `[[CollectFromCredentialStore]](options, sameOriginWithAncestors)`
+    `FederatedCredential`'s `[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)`
   </h4>
 
-  <dfn for="FederatedCredential" method>\[[CollectFromCredentialStore]](options, sameOriginWithAncestors)</dfn> is called
-  with a {{CredentialRequestOptions}} (|options|), and a boolean which is `true` iff the calling
-  context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|). The algorithm returns
-  a set of {{Credential}} objects from the [=credential store=]. If no matching {{Credential}}
-  objects are available, the returned set will be empty.
-
-  The algorithm will return a `NotAllowedError` if |sameOriginWithAncestors| is not `true`.
+  <dfn for="FederatedCredential" method>\[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)</dfn>
+  is called with an [=origin=] (|origin|), a {{CredentialRequestOptions}} (|options|),
+  and a boolean which is `true` iff the calling context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|).
+  The algorithm returns a set of {{Credential}} objects from
+  the [=credential store=]. If no matching {{Credential}} objects are available, the returned set
+  will be empty.
 
   <ol class="algorithm">
     1.  Assert: |options|["{{CredentialRequestOptions/federated}}"] [=map/exists=].
 
-    2.  If |sameOriginWithAncestors is `false`, return a "{{NotAllowedError}}" {{DOMException}}.
+    2.  If <var ignore>sameOriginWithAncestors</var> is `false`, return a "{{NotAllowedError}}" {{DOMException}}.
 
         Note: This restriction aims to address the concern raised in [[#security-origin-confusion]].
 
@@ -1558,8 +1611,7 @@ <h4 algorithm id="collectfromcredentialstore-federatedcredential">
         credentials from the [=credential store=] that match the following filter:
 
         1.  The credential is a {{FederatedCredential}}
-        2.  The credential's {{Credential/[[origin]]}} is the [=same origin=] as the
-            [=current settings object=]'s [=environment settings object/origin=].
+        2.  The credential's {{Credential/[[origin]]}} is the [=same origin=] as |origin|.
         3.  If |options|["{{CredentialRequestOptions/federated}}"]["{{FederatedCredentialRequestOptions/providers}}"]
             [=map/exists=], its value [=list/contains=] the credentials's {{FederatedCredential/provider}}.
         4.  If |options|["{{CredentialRequestOptions/federated}}"]["{{FederatedCredentialRequestOptions/protocols}}"]
@@ -1567,21 +1619,25 @@ <h4 algorithm id="collectfromcredentialstore-federatedcredential">
   </ol>
 
   <h4 algorithm id="create-federatedcredential">
-    `FederatedCredential`'s `[[Create]](options, sameOriginWithAncestors)`
+    `FederatedCredential`'s `[[Create]](origin, options, sameOriginWithAncestors)`
   </h4>
 
-  <dfn for="FederatedCredential" method>\[[Create]](options, sameOriginWithAncestors)</dfn> is
-  called with a {{CredentialCreationOptions}} (|options|), and a boolean which is `true` iff the
-  calling context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|). The algorithm
-  returns a {{FederatedCredential}} if one can be created, `null` otherwise, or an [=exception=] in
-  exceptional circumstances:
+  <dfn for="FederatedCredential" method>\[[Create]](origin, options, sameOriginWithAncestors)</dfn>
+  is called with an [=origin=] (|origin|), a
+  {{CredentialCreationOptions}} (|options|), and a boolean which is `true` iff the
+  calling context is [=same-origin with its ancestors=] (|sameOriginWithAncestors|).
+  The algorithm returns a {{FederatedCredential}} if one can be created,
+  `null` otherwise, or an [=exception=] in exceptional circumstances:
 
   <ol class="algorithm">
     1.  Assert: |options|["{{CredentialCreationOptions/federated}}"] [=map/exists=], and
-        |sameOriginWithAncestors| is unused.
+        <var ignore>sameOriginWithAncestors</var> is unused.
+
+    2.  Set |options|["{{CredentialCreationOptions/federated}}"]'s {{FederatedCredentialInit/origin}}
+        member's value to |origin|'s value.
 
-    2.  Return the result of executing <a abstract-op>Create a `FederatedCredential` from
-        `FederatedCredentialInit`</a> on |options|["{{CredentialCreationOptions/federated}}"].
+    3.  Return the result of executing <a abstract-op>Create a `FederatedCredential` from
+        `FederatedCredentialInit`</a> given |options|["{{CredentialCreationOptions/federated}}"].
   </ol>
 
   <h4 algorithm id="store-federatedcredential">
@@ -1597,7 +1653,7 @@ <h4 algorithm id="store-federatedcredential">
 
   <ol class="algorithm">
     1.  Return a "{{NotAllowedError}}" {{DOMException}} without altering the user agent's
-        [=credential store=] if |sameOriginWithAncestors| is `false`.
+        [=credential store=] if <var ignore>sameOriginWithAncestors</var> is `false`.
 
         Note: This restriction aims to address the concern raised in [[#security-origin-confusion]].
 
@@ -1654,7 +1710,7 @@ <h4 algorithm id="construct-federatedcredential-data">
         :   {{CredentialUserData/name}}
         ::  |init|.{{CredentialUserData/name}}'s value
         :   {{Credential/[[origin]]}}
-        ::  The [=environment settings object/origin=] of the [=current settings object=].
+        ::  |init|.{{FederatedCredentialInit/origin}}'s value.
 
     4.  Return |c|.
   </ol>
@@ -1884,14 +1940,14 @@ <h4 algorithm id="construct-federatedcredential-data">
 
   Specific credential types, however, will be difficult to expose in those contexts without risk.
   Those credential types are restricted via checks in their
-  {{Credential/[[Create]](options, sameOriginWithAncestors)}},
-  {{Credential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}},
-  {{Credential/[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}}, and
+  {{Credential/[[Create]](origin, options, sameOriginWithAncestors)}},
+  {{Credential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}},
+  {{Credential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}}, and
   {{Credential/[[Store]](credential, sameOriginWithAncestors)}}
   methods, as appropriate.
 
   For example {{PasswordCredential}}'s
-  {{PasswordCredential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}} method
+  {{PasswordCredential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}} method
   will immedietely return an empty set if called from inside a {{Worker}}, or a non-[=top-level
   browsing context=].
 
@@ -1999,29 +2055,30 @@ <h4 algorithm id="construct-federatedcredential-data">
         </pre>
       </div>
 
-  2.  Define appropriate {{Credential/[[Create]](options, sameOriginWithAncestors)}},
-      {{Credential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}},
-      {{Credential/[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}}, and
+  2.  Define appropriate {{Credential/[[Create]](origin, options, sameOriginWithAncestors)}},
+      {{Credential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}},
+      {{Credential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}}, and
       {{Credential/[[Store]](credential, sameOriginWithAncestors)}} methods on `ExampleCredential`'s
-      [=interface object=].
-      {{Credential/[[CollectFromCredentialStore]](options, sameOriginWithAncestors)}}
+      [=interface object=]. {{Credential/[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)}}
       is appropriate for [=credentials=] that remain [=effective=] forever and
       can therefore simply be copied out of the [=credential store=], while
-      {{Credential/[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}} is
-      appropriate for [=credentials=] that need to be re-generated from a [=credential source=].
+      {{Credential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}} is appropriate for
+      [=credentials=] that need to be re-generated from a [=credential source=].
 
       Long-running operations, like those in {{PublicKeyCredential}}'s
-      {{PublicKeyCredential/[[Create]](options, sameOriginWithAncestors)}} and
-      {{PublicKeyCredential/[[DiscoverFromExternalSource]](options, sameOriginWithAncestors)}}
+      {{PublicKeyCredential/[[Create]](origin, options, sameOriginWithAncestors)}} and
+      {{PublicKeyCredential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}}
       operations are encouraged to use <code>options.signal</code> to allow developers to abort
       the operation. See [[dom#abortcontroller-api-integration]] for detailed instructions.
 
       <div class="example">
-        `ExampleCredential`'s `[[CollectFromCredentialStore]](options, sameOriginWithAncestors)`
-        internal method is called with a CredentialRequestOptions object (`options`), and a boolean
-        which is `true` iff the calling context is [=same-origin with its ancestors=]. The algorithm
-        returns a set of {{Credential}} objects that match the options provided. If no matching
-        {{Credential}} objects are available, the returned set will be empty.
+        `ExampleCredential`'s `[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)`
+        internal method is called
+        with an [=environment settings object/origin=] (`origin`), a CredentialRequestOptions
+        object (`options`), and a boolean which is `true` iff the calling context is [=same-origin with its ancestors=].
+        The algorithm returns a set of {{Credential}}
+        objects that match the options provided. If no matching {{Credential}} objects are
+        available, the returned set will be empty.
 
         1.  Assert: `options`[`example`] exists.