W3C home > Mailing lists > Public > public-credentials@w3.org > April 2015

Re: Overlap with Credentials/Web Payments CG (was Re: CfC to publish a FPWD of Credential Management; ending April 17th.)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 15 Apr 2015 00:27:24 +1000
Message-ID: <CAM1Sok1FARJX8o4O32fBN-brB-NWWHht6+xvt_44V8E2Z=epsw@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Wendy Seltzer <wseltzer@w3.org>, Mike West <mkwst@google.com>, Manu Sporny <msporny@digitalbazaar.com>, Dan Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Credentials Community Group <public-credentials@w3.org>, Web Payments IG <public-webpayments-ig@w3.org>
are there any relevant patents and/or other forms of IPR that should be
declared?

On 14 April 2015 at 03:23, Brad Hill <hillbrad@gmail.com> wrote:

> Manu,
>
> Before you continue tossing around threats of Formal Objections, I'll
> suggest you refer the process document:
>
> http://www.w3.org/2014/Process-20140801/
>
> "An individual who registers a Formal Objection SHOULD cite technical
> arguments and propose changes that would remove the Formal Objection; these
> proposals MAY be vague or incomplete. Formal Objections that do not
> provide substantive arguments or rationale are unlikely to receive serious
> consideration by the Director."
>
> I hope you will at least do this group the courtesy of the same: a
> substantive technical rationale for the objection and proposals for changes
> (within the chartered scope of this WG:
> http://www.w3.org/2015/03/webappsec-charter-2015.html)  that would remove
> the objection, and give us an opportunity to respond to those suggestions.
>
> Credential is a very overloaded term, as the CG's executive summary
> document makes abundantly clear.  The concrete problem of improving the
> reliability, functionality and security of management tools for
> username/password and federated credentials - tools that are in wide
> deployment today - is real and pressing, and that is what we put in the
> scope of our charter.
>
> As the Credentials CG summary seems to consider 'credentials' as
> potentially including payment instruments, identities, verifiable age
> claims, and more, and there is no technical report giving any technical
> details of how such would be represented, it seems impossible to judge at
> this time whether this specification would accommodate those concerns or
> not, or whether the use case scenarios even overlap (automatically applying
> a username/password for login is quite different than automatically
> applying a payment instrument!) without further clarification.
>
> thank you,
>
> Brad Hill
> Co-Chair, WebAppSec WG
>
> On Mon, Apr 13, 2015 at 6:01 AM Wendy Seltzer <wseltzer@w3.org> wrote:
>
>> On 04/13/2015 04:45 AM, Mike West wrote:
>> > (Forking the thread for clarity)
>> >
>> > Hi Manu!
>> >
>> > I've put forward this draft of the credential management spec in order
>> to
>> > seek exactly this sort of feedback from developers. If there are indeed
>> > technical deficiencies in the spec that make it unsuitable for use cases
>> > that we ought to support, then we certainly need to change it.
>> >
>> > Indeed, the API proposed in this document is intended to be fairly
>> generic
>> > (it has ~2 methods) and extensible (by subclassing `Credential`) so as
>> not
>> > to block future innovation. It would be helpful to understand how
>> exactly
>> > it blocks you from doing the work you'd like to be doing.
>> >
>> > On Mon, Apr 13, 2015 at 3:44 AM, Manu Sporny <msporny@digitalbazaar.com
>> >
>> > wrote:
>> >
>> >> On 04/10/2015 04:21 PM, Mike West wrote:
>> >>> Well, wait no longer! This is a real call for consensus to publish
>> >>> the following draft of "Credential Management" as a First Public
>> >>> Working Draft:
>> >>
>> >> -1, the spec completely ignores the very substantial work going on in
>> >> the Credentials CG and the Web Payments IG that is related to the API
>> >> you're proposing.
>> >>
>> >
>> > Perhaps the word "credentials" is causing problems; after skimming the
>> > documents you pointed to, I don't see significant overlap between this
>> spec
>> > and those groups. Is your concern that we're co-opting the term? Or is
>> > there something deeper?
>>
>> Apart from using a common term differently, I don't see much overlap and
>> hence potential conflict between the different pieces of work. Mike's
>> WebAppSec draft is certainly not asserting that it is the sole source of
>> meaning for the term "credential," nor is it saying that web users could
>> not request or express richer credentials.
>>
>> >
>> > I suggest the Web AppSec Chairs start coordinating w/ the Web Payments
>> >> IG and the Credentials CG before proposing the publication of this
>> FPWD.
>> >>
>> >
>> > +Brad, Dan, Wendy.
>>
>> I'll join this morning's Web Payments IG call and am happy to work to
>> help resolve the disagreement.
>>
>> --Wendy
>>
>> >
>> > --
>> > Mike West <mkwst@google.com>, @mikewest
>> >
>> > Google Germany GmbH, Dienerstrasse 12, 80331 München,
>> > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
>> > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
>> > Flores
>> > (Sorry; I'm legally required to add this exciting detail to emails.
>> Bleh.)
>> >
>>
>>
>> --
>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
>> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>>
>>
Received on Tuesday, 14 April 2015 14:28:16 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:23 UTC