- From: Mike West <mkwst@google.com>
- Date: Mon, 13 Apr 2015 20:42:06 +0200
- To: Jonathan Kingston <jonathan@jooped.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
- Message-ID: <CAKXHy=cQ14xWjsdJjVmX7Lt_R_dWJwq=OEgEpteDRt-_kBUaRg@mail.gmail.com>
On Mon, Apr 13, 2015 at 8:31 PM, Jonathan Kingston <jonathan@jooped.com> wrote: > Is there any motivation to add in hooks to other credential management > systems outside the browser at all? It seems as if credential management > systems like LastPass would benefit from all the advantages you are setting > out here. > It seems like extensions could hook into a standard API much like they > currently do for geolocation etc. > I don't think we can reasonably specify that (as extension systems are by their nature specific to each browser, and not really part of the web platform). That said, I think it would be totally reasonable for browser vendors to support password management extensions (in fact, if there's much interest in this API, I somewhat expect LassPass and others to start injecting this API). Also I started the following test site the other day for this exact reason > to improve the usability of password generators: > password-generation-test-cases.herokuapp.com > The AJAX form submission and saving of passwords would be resolved with > this specification (Assuming the API is used. - I can add a test case there > when the API solidifies). > Looks interesting, thanks! However the other remaining item is supporting password generation > restrictions like 25+ chars minimum, is this something that would belong in > this specification? > This question is https://w3c.github.io/webappsec/specs/credentialmanagement/#issue-1a314ee6 in the spec. I do think it's something worth supporting, but I'd like to get the general shape of the API hammered out in this forum before moving to that kind of "nice to have" detail. > It could hang odd the pattern attribute of form fields. > For everyone's sanity, I'd hope we can find more declarative rules than that. Parsing a regex (or, worse, just generating random passwords until one matches!) is complicated. Thanks for submitting this. > Thanks for your feedback! -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 13 April 2015 18:42:55 UTC