During TPAC, we observed that SPC-capable credentials can also be used for login. I speculated about the possibility of not-payment sites attempting to create SPC-capable credentials for the purpose of getting around storage partitioning. While that could make for some lovely UX studies, there might also be an action for the WPWG:

Is it possible for a user to downgrade a credential creation request from SPC-capable (cross-origin) to login-only (single-origin)? If not, what changes do we need to make in the protcol to be able to present that option to the user (or for the user to be able to configure their UA to default to that choice)?