Splitting "Credential Management"? from Mike West on 2017-03-16 (public-webappsec@w3.org from March 2017)

From: Mike West <mkwst@google.com>
Date: Thu, 16 Mar 2017 14:26:40 +0100
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Dominic Battre <battre@google.com>, Václav Brožek <vabr@google.com>, Angelo Liao <huliao@microsoft.com>, pdolanjski@mozilla.com, Daniel Bates <dbates@webkit.org>
Message-ID: <CAKXHy=cuvgW8jEcHi2pHABOG_jGnFbidEkbTnXNEo+stsJSVpw@mail.gmail.com>

Hey folks!

While re-reading through the Credential Management API, I realized that the
extension mechanisms aren't at all clear. As a thought exercise, I'm mostly
finished with splitting the document into a generic API that defines the
high-level architecture (
https://w3c.github.io/webappsec-credential-management/base.html), and a
document that specifies `PasswordCredential` and `FederatedCredental` as an
extension (
https://w3c.github.io/webappsec-credential-management/sitebound.html).

WDYT? Is this a sane division? Does it actually make the integration points
clearer by forcing us to use them, or is it more confusing than not to have
the pieces in distinct documents?

CCing some specific folks who might be interested.

-mike

Received on Thursday, 16 March 2017 13:27:33 UTC