diff --git a/index.bs b/index.bs
index e5f847486..133273c61 100644
--- a/index.bs
+++ b/index.bs
@@ -7764,6 +7764,14 @@ Each stored [=virtual authenticator=] has the following properties:
:: A {{UvmEntries}} array to be set as the [=authenticator extension output=] when processing the [=User Verification Method=] extension.
Note: This property has no effect if the [=Virtual Authenticator=] does not support the [=User Verification Method=] extension.
+: |defaultBackupEligibility|
+:: Determines the default state of the [=backup eligibility=] [=credential property=] for any newly created [=Public Key Credential Source=].
+ This value MUST be reflected by the [=BE=] [=authenticator data=] [=flag=] when performing an [=authenticatorMakeCredential=]
+ operation with this [=virtual authenticator=].
+: |defaultBackupState|
+:: Determines the default state of the [=backup state=] [=credential property=] for any newly created [=Public Key Credential Source=].
+ This value MUST be reflected by the [=BS=] [=authenticator data=] [=flag=] when performing an [=authenticatorMakeCredential=]
+ operation with this [=virtual authenticator=].
## Add Virtual Authenticator ## {#sctn-automation-add-virtual-authenticator}
@@ -7848,6 +7856,18 @@ The Authenticator Configuration is a JSON [=Object=] passed to the [=
Up to 3 [=User Verification Method=] entries
Empty array
+
+
|defaultBackupEligibility|
+
boolean
+
[TRUE], [FALSE]
+
[FALSE]
+
+
+
|defaultBackupState|
+
boolean
+
[TRUE], [FALSE]
+
[FALSE]
+
@@ -7990,6 +8010,26 @@ The Credential Parameters is a JSON [=Object=] passed to the [=remote
string
+
+
|backupEligibility|
+
+ The simulated [=backup eligibility=] for the [=public key credential source=]. If unset, the value will default to the
+ [=virtual authenticator=]'s |defaultBackupEligibility| property.
+ The simulated [=backup eligibility=] MUST be reflected by the [=BE=] [=authenticator data=] [=flag=] when performing
+ an [=authenticatorGetAssertion=] operation with this [=public key credential source=].
+
+
boolean
+
+
+
|backupState|
+
+ The simulated [=backup state=] for the [=public key credential source=]. If unset, the value will default to the
+ [=virtual authenticator=]'s |defaultBackupState| property.
+ The simulated [=backup state=] MUST be reflected by the [=BS=] [=authenticator data=] [=flag=] when performing
+ an [=authenticatorGetAssertion=] operation with this [=public key credential source=].
+
+
boolean
+
@@ -8026,6 +8066,10 @@ The [=remote end steps=] are:
1. If |largeBlob| is failure, return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=].
1. Otherwise:
1. Let |largeBlob| be `null`.
+ 1. Let |backupEligibility| be the |parameters|' |backupEligibility| property.
+ 1. If |backupEligibility| is not defined, set |backupEligibility| to the value of the |authenticator|'s |defaultBackupEligibility|.
+ 1. Let |backupState| be the |parameters|' |backupState| property.
+ 1. If |backupState| is not defined, set |backupState| to the value of the |authenticator|'s |defaultBackupState|.
1. Let |credential| be a new [=Client-side discoverable Public Key Credential Source=] if |isResidentCredential| is [TRUE]
or a [=Server-side Public Key Credential Source=] otherwise whose items are:
: [=public key credential source/type=]
@@ -8038,6 +8082,8 @@ The [=remote end steps=] are:
:: |rpId|
: [=public key credential source/userHandle=]
:: |userHandle|
+ 1. Set the |credential|'s [=backup eligibility=] [=credential property=] to |backupEligibility|.
+ 1. Set the |credential|'s [=backup state=] [=credential property=] to |backupState|.
1. Associate a [=signature counter=] |counter| to the |credential| with a starting value equal to the |parameters|'
|signCount| or `0` if |signCount| is `null`.
1. If |largeBlob| is not `null`, set the [=large, per-credential blob=] associated to the |credential| to |largeBlob|.
@@ -8171,6 +8217,75 @@ The [=remote end steps=] are:
1. Set the |authenticator|'s |isUserVerified| property to the |parameters|' |isUserVerified| property.
1. Return [=success=].
+## Set Credential Properties ## {#sctn-automation-set-credential-properties}
+
+The [=Set Credential Properties=] [=extension command=] allows setting the |backupEligibility| and |backupState| [=credential properties=] of
+a [=Virtual Authenticator=]'s [=public key credential source=]. It is defined as follows:
+
+
+
+The Set Credential Properties Parameters is a JSON [=Object=] passed to the [=remote end steps=] as |parameters|.
+It contains the following |key| and |value| pairs:
+
+
+
+
+
+
Key
+
Description
+
Value Type
+
+
+
+
+
|backupEligibility|
+
The [=backup eligibility=] [=credential property=].
+
boolean
+
+
+
|backupState|
+
The [=backup state=] [=credential property=].
+
boolean
+
+
+
+
+
+The [=remote end steps=] are:
+
+ 1. If |parameters| is not a JSON [=Object=], return a [=WebDriver error=] with [=WebDriver error code=]
+ [=invalid argument=].
+
+ Note: |parameters| is a [=Set Credential Properties Parameters=] object.
+ 1. If |authenticatorId| does not match any [=Virtual Authenticator=] stored in the [=Virtual Authenticator
+ Database=], return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=].
+ 1. Let |credential| be the [=public key credential source=] managed by |authenticator| matched by |credentialId|.
+ 1. If |credential| is empty, return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=].
+ 1. Let |backupEligibility| be the |parameters|' |backupEligibility| property.
+ 1. If |backupEligibility| is defined, set the [=backup eligibility=] [=credential property=] of |credential| to the value of |backupEligibility|.
+
+ Note: Normally, the |backupEligibility| property is permanent to a [=public key credential source=].
+ [=Set Credential Properties=] allows changing it for testing and debugging purposes.
+
+ 1. Let |backupState| be the |parameters|' |backupState| property.
+ 1. If |backupState| is defined, set the [=backup state=] [=credential property=] of |credential| to the value of |backupState|.
+ 1. Return [=success=].
+
# IANA Considerations # {#sctn-IANA}
## WebAuthn Attestation Statement Format Identifier Registrations Updates ## {#sctn-att-fmt-reg-update}