The introduction to [[DiscoverFromExternalSource]] is very informative, and even helpful. However, I worry that by basically reproducing the parts of the credential management spec (albeit in a more-readable form), you're breaking the abstraction boundary and creating a potential maintenance burden.
I think this section of the spec should just be concerned with the implementation, leaving discussion of the interface up to the credential management spec.
One way of thinking about this is if in C++ or JS, you duplicated the documentation for your superclass onto the subclass, when overriding a protected virtual method. That seems not great; the understanding is that the superclass takes care of the interface, and you, the subclass, take care of the implementation.
The introduction to [[DiscoverFromExternalSource]] is very informative, and even helpful. However, I worry that by basically reproducing the parts of the credential management spec (albeit in a more-readable form), you're breaking the abstraction boundary and creating a potential maintenance burden.
I think this section of the spec should just be concerned with the implementation, leaving discussion of the interface up to the credential management spec.
One way of thinking about this is if in C++ or JS, you duplicated the documentation for your superclass onto the subclass, when overriding a protected virtual method. That seems not great; the understanding is that the superclass takes care of the interface, and you, the subclass, take care of the implementation.