Add a new optional rpId to Credential Record

index.bs

@@ -1127,6 +1127,14 @@ BCP 14 [[!RFC2119]] [[!RFC8174]] when, and only when, they appear in all capital
             when the [=public key credential source=] was [=registration|registered=].
             Storing this in combination with the above [$credential record/attestationObject$] [=struct/item=]
             enables the [=[RP]=] to re-verify the [=attestation signature=] at a later time.
+
+        :   <dfn>rpId</dfn>
+        ::  The value of the <code>{{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialRpEntity/id}}</code> parameter
+            specified in the {{CredentialsContainer/create()}} operation during credential registration.
+            This value is a core property of the credential that determines where it can be used.
+            Storing this value at registration time can help in the future, such as to audit its use,
+            troubleshoot issues authenticating with it, or to use it across different domains later
+            via [[#sctn-related-origins|Related Origins]].
     </dl>
 
     [=WebAuthn extensions=] MAY define additional [=struct/items=] needed to process the extension.
@@ -6036,6 +6044,9 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
 
             :   [$credential record/attestationClientDataJSON$]
             ::  <code>|response|.{{AuthenticatorResponse/clientDataJSON}}</code>.
+
+            :   [$credential record/rpId$]
+            ::  <code>|pkOptions|.{{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialRpEntity/id}}</code>
         </dl>
 
         The [=[RP]=] MAY also include any additional [=struct/items=] as necessary.