Do not timeout, no need for |conditionalFlow|
nsatragno committed Oct 27, 2021
1 parent 1ee1619 commit 2c09264
Showing 1 changed file with 29 additions and 26 deletions.
55 changes: 29 additions & 26 deletions index.bs
Expand Up @@ -2112,34 +2112,34 @@ When this method is invoked, the user agent MUST execute the following algorithm

1. Let |options| be the value of <code>|options|.{{CredentialRequestOptions/publicKey}}</code>.

1. If <code>|options|.{{CredentialRequestOptions/mediation}}</code>
<dl class="switch">
: is present with the value "conditional"
:: If <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> is empty then let |conditionalFlow| be [TRUE], otherwise return a {{DOMException}} whose name is "{{NotAllowedError}}", and terminate this algorithm.
1. If <code>|options|.{{CredentialRequestOptions/mediation}}</code> is present with the value
{{CredentialMediationRequirement/conditional}}:

: is present with a value other than "conditional" or is not present
:: let |conditionalFlow| be [FALSE].
</dl>
1. If and <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> is not [=list/empty=],
return a {{DOMException}} whose name is "{{NotAllowedError}}", and terminate this algorithm.

1. Set a timer |lifetimeTimer| to a value of infinity.

1. If the {{PublicKeyCredentialRequestOptions/timeout}} member of |options| is present, check if its value lies
within a reasonable range as defined by the [=client=] and if not, correct it to the closest value lying within that range.
Set a timer |lifetimeTimer| to this adjusted value. If the {{PublicKeyCredentialRequestOptions/timeout}} member of
|options| is not present, then set |lifetimeTimer| to a [=client=]-specific default.
1. Else:

Recommended ranges and defaults for the {{PublicKeyCredentialRequestOptions/timeout}} member of |options| are as follows.
If <code>|options|.{{PublicKeyCredentialRequestOptions/userVerification}}</code>
<dl class="switch">
: is set to {{UserVerificationRequirement/discouraged}}
:: Recommended range: 30000 milliseconds to 180000 milliseconds.
:: Recommended default value: 120000 milliseconds (2 minutes).
1. If the {{PublicKeyCredentialRequestOptions/timeout}} member of |options| is present, check if its value lies
within a reasonable range as defined by the [=client=] and if not, correct it to the closest value lying within that range.
Set a timer |lifetimeTimer| to this adjusted value. If the {{PublicKeyCredentialRequestOptions/timeout}} member of
|options| is not present, then set |lifetimeTimer| to a [=client=]-specific default.

: is set to {{UserVerificationRequirement/required}} or {{UserVerificationRequirement/preferred}}
:: Recommended range: 30000 milliseconds to 600000 milliseconds.
:: Recommended default value: 300000 milliseconds (5 minutes).
</dl>
Recommended ranges and defaults for the {{PublicKeyCredentialRequestOptions/timeout}} member of |options| are as follows.
If <code>|options|.{{PublicKeyCredentialRequestOptions/userVerification}}</code>
<dl class="switch">
: is set to {{UserVerificationRequirement/discouraged}}
:: Recommended range: 30000 milliseconds to 180000 milliseconds.
:: Recommended default value: 120000 milliseconds (2 minutes).

Note: The user agent should take cognitive guidelines into considerations regarding timeout for users with special needs.
: is set to {{UserVerificationRequirement/required}} or {{UserVerificationRequirement/preferred}}
:: Recommended range: 30000 milliseconds to 600000 milliseconds.
:: Recommended default value: 300000 milliseconds (5 minutes).
</dl>

Note: The user agent should take cognitive guidelines into considerations regarding timeout for users with special needs.

1. Let |callerOrigin| be {{PublicKeyCredential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)/origin}}. If |callerOrigin| is
an [=opaque origin=], return a {{DOMException}} whose name is "{{NotAllowedError}}", and terminate this algorithm.
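
Review bot: The new sub-step in the conditional branch reads "If and <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> is not [=list/empty=]", with a stray "and" after "If"; drop it so the condition parses. In the same branch, "Set a timer |lifetimeTimer| to a value of infinity" would benefit from a short Note stating that a conditional request never ends by timer expiry and that a supplied {{PublicKeyCredentialRequestOptions/timeout}} is ignored there, since the timeout handling now sits only under "Else".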
Expand Down Expand Up @@ -2234,8 +2234,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
:: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator|
and [=set/remove=] |authenticator| from |issuedRequests|. Return a {{DOMException}} whose name is "{{NotAllowedError}}".

: If |conditionalFlow| is [TRUE] and the user interacts with an [=input=] form control with a `"webauthn"`
[=autocomplete=] [=autofill hint set=],
: If <code>|options|.{{CredentialRequestOptions/mediation}}</code> is {{CredentialMediationRequirement/conditional}}
and the user interacts with an [=input=] form control with a `"webauthn"` [=autocomplete=] [=autofill hint set=],
:: 1. Prompt the user to optionally select a [=public key credential source=] from |silentlyDiscoveredCredentials|.

1. If the user selects a |credential|,
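
Review bot: The rewritten condition reads <code>|options|.{{CredentialRequestOptions/mediation}}</code>, but the first step of the algorithm rebinds |options| to <code>|options|.{{CredentialRequestOptions/publicKey}}</code>, and the same variable is then dereferenced for {{PublicKeyCredentialRequestOptions/allowCredentials}} and {{PublicKeyCredentialRequestOptions/timeout}}. With |conditionalFlow| gone, every mediation check depends on that overloaded name, so consider giving the publicKey dictionary its own variable name. The phrasing also differs from the first hunk ("is present with the value" there, "is" here); pick one form for all the mediation checks.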
Expand All @@ -2257,15 +2257,18 @@ When this method is invoked, the user agent MUST execute the following algorithm
and [=set/remove=] |authenticator| from |issuedRequests|. Then
return a {{DOMException}} whose name is "{{AbortError}}" and terminate this algorithm.

: If |conditionalFlow| is [FALSE], |issuedRequests| is empty, <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> is not empty, and no |authenticator| will become available for any [=public key credentials=] therein,
: If <code>|options|.{{CredentialRequestOptions/mediation}}</code> is not {{CredentialMediationRequirement/conditional}},
|issuedRequests| is empty, <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> is not empty,
and no |authenticator| will become available for any [=public key credentials=] therein,
:: Indicate to the user that no eligible credential could be found. When the user acknowledges the dialog, return a {{DOMException}} whose name is "{{NotAllowedError}}".

Note: One way a [=client platform=] can determine that no |authenticator| will become available is by examining the <code>{{transports}}</code> members of the present <code>{{PublicKeyCredentialDescriptor}}</code> [=list/items=] of <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code>, if any. For example, if all <code>{{PublicKeyCredentialDescriptor}}</code> [=list/items=] list only <code>{{AuthenticatorTransport/internal}}</code>, but all [=platform authenticator|platform=] |authenticator|s have been tried, then there is no possibility of satisfying the request. Alternatively, all <code>{{PublicKeyCredentialDescriptor}}</code> [=list/items=] may list <code>{{transports}}</code> that the [=client platform=] does not support.

: If an |authenticator| becomes available on this [=client device=],
:: Note: This includes the case where an |authenticator| was available upon |lifetimeTimer| initiation.

1. If |conditionalFlow| is [TRUE] and the |authenticator| supports the [=silentCredentialDiscovery=] operation:
1. If If <code>|options|.{{CredentialRequestOptions/mediation}}</code> is {{CredentialMediationRequirement/conditional}}
and the |authenticator| supports the [=silentCredentialDiscovery=] operation:

1. Invoke the [=silentCredentialDiscovery=] operation on |authenticator| with |rpId| as parameter.
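
Review bot: The sub-step under "If an |authenticator| becomes available" now begins "1. If If <code>|options|.{{CredentialRequestOptions/mediation}}</code>", with "If" doubled; remove one. In the changed condition above it, allowCredentials "is not empty" is plain text, while the first hunk links the same test as "[=list/empty=]"; using the linked term in both places keeps the wording consistent.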
