- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 10 Aug 2015 15:01:17 +0200
- To: Mike West <mkwst@google.com>
- Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, timeless <timeless@gmail.com>
On Mon, Aug 10, 2015 at 2:31 PM, Mike West <mkwst@google.com> wrote: > 2. No, we don't. Which is somewhat the point: the user agent has zero > understanding of federations today, so this isn't something we can reason > about at all. I think the (reasonable!) argument you and Adrian are making > is that the API doesn't provide full understanding of federations. My > (hopefully reasonable?) response is that I think it provides enough of a > hook to be valuable in itself, and lays the groundwork for additions in the > future. That is one concern, and whether this is solving it is the right way. Another concern I have is whether federation is the only thing a site may wish to store in the credentials store. The API is focused around credentials, but the real use case seems to be storing something in the credentials storage area to survive cookies. (It seems if desired some smuggling of such data can already be done through the FederatedCredential object.) -- https://annevankesteren.nl/
Received on Monday, 10 August 2015 13:01:45 UTC