Add compound attestation format

index.bs

@@ -6264,6 +6264,37 @@ This attestation statement format is exclusively used by Apple for certain types
     5. Verify that the [=credential public key=] equals the Subject Public Key of |credCert|.
     6. If successful, return implementation-specific values representing attestation type [=Anonymization CA=] and attestation trust path |x5c|.
 
+## Compound Attestation Statement Format ## {#sctn-compound-attestation}
+
+The "compound" attestation statement format is used to pass multiple, self-contained attestation statements in a single ceremony.
+
+
+: Attestation statement format identifier
+:: compound
+
+: Attestation types supported
+:: Any attestation type defined in the IANA "WebAuthn Attestation Statement Format Identifiers" registry [[!IANA-WebAuthn-Registries]] except `compound`
+
+: Syntax
+:: The syntax of a compound attestation statement is defined as follows:
+
+    ```
+    $$attStmtType //= (
+                          fmt: "compound",
+                          attStmt: compoundAttStmts
+                      )
+
+    compoundAttStmts = []
+    ```
+
+`compoundAttStmts` MUST contain two or more attestation statements which MUST NOT be compound attestation statements.
+
+: Signing procedure
+:: Not applicable
+
+: Verification procedure
+:: For every element in the array, validate the attestation statement based on the verification procedure specified for that format (using the `fmt` identifier). If validation fails for one or more compound attestation statements, [=[RPS]=] should decide the appropriate results based on policy from information they have about the [=authenticators=].
+
 # <dfn>WebAuthn Extensions</dfn> # {#sctn-extensions}
 
 The mechanism for generating [=public key credentials=], as well as requesting and generating Authentication assertions, as