Looking for a home for a proposed Credential Management API. from Mike West on 2014-09-24 (public-webappsec@w3.org from September 2014)

From: Mike West <mkwst@google.com>
Date: Wed, 24 Sep 2014 15:57:16 +0200
To: Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, chaals@yandex-team.ru, Virginie.Galindo@gemalto.com, Webapps WG <public-webapps@w3.org>
Cc: Jonas Sicking <sicking@mozilla.com>, plh@w3.org, ylafon@w3.org, xiaoqian@w3.org, Wendy Seltzer <wseltzer@w3.org>, hhalpin@w3.org
Message-ID: <CAKXHy=chgYc8msf778S36=DRp1r4euCWLtLvfHWGb9+q9ECRhg@mail.gmail.com>

(I'd originally sent this just to the folks on to: and cc:. Art reminded me
that public is better, so I'm resending to public-webapps@, and BCCing
public-webappsec@ for visibility).

Hello, chairs of the WebApps, WebAppSec, and WebCrypto WGs!

On Friday, I had an encouraging discussion with Jonas Sicking (CC'd) about
the Credential Management API proposed a month or so ago on WebApps (
http://mikewest.github.io/credentialmanagement/spec/).  Chrome has started
experimenting with an implementation, and though we're nowhere near even
considering shipping it, I'd like to make sure that our implementation
doesn't get too far out ahead of the spec process.

I think it's fair to say that Mozilla is interested in continuing the
discussion around the short-term and long-term goals of such an API in an
appropriate venue. I'd like your collective opinion about what that venue
might be. WebApps seems like the right place just in terms of having the
right people involved. It would require a recharter, however, and it's not
clear to me that that would be a worthwhile use of folks' time.

Both WebCrypto and WebAppSec are in the process of rechartering, which
resolves that potential issue, but neither really seems to be appropriate,
as they're concerned with aspects other than credentials and authentication.

There's a credentials community group that has nothing to do with the
proposal, and given the weak IPR protections of a CG, I'd prefer to avoid
them in the long run (though they might be the right place for short-term
incubation).

Brad suggested that an authentication WG might be spun up out of the
conversations in the recent WebCrypto workshop. Are there concrete plans
for such a group?

Thanks!

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Wednesday, 24 September 2014 13:58:05 UTC