RE: PR #384 CredMan Integration

Too nice need to raise a formal objection not whimpers as I can't read between the lines 

-----Original Message-----
From: Hodges, Jeff [mailto:jeff.hodges@paypal.com] 
Sent: Monday, April 10, 2017 4:18 PM
To: public-webauthn@w3.org
Subject: Re: PR #384 CredMan Integration 

On 4/10/17, 2:29 PM, "Anthony Nadalin" <tonynad@microsoft.com> wrote:

> So based upon the discussions that have been going on there seems to 
> be some issues raised on what happens when we merge. I have not heard 
> and real outright objections to the merge,

Dirk made such an outright objection -- but perhaps he said it too nicely [0]:

  ..I'm arguing against accepting https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwebauthn%2Fpull%2F384&data=02%7C01%7Ctonynad%40microsoft.com%7C8fa40e78c673482b7eed08d480681726%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274633275960038&sdata=mV1%2FBr337%2B%2BsXPfyFXpid3LgBi6VFtKiig1YUcJe2IQ%3D&reserved=0 as
  is, because I believe it will create a lot of future work for us that will
  slow us down.

> so in favor of progress I suggest we accept #384 and deal with the 
> questions as they comes up with Mike West, as we see to be just going 
> around and around w/o making a decision.

A more productive approach may be to consider our options in light of the desire to have an implementable and nominally usable draft webauthn level 1 API in the near term.

To me the decision context appears to be: 

  What's more important, 

    (1) near-term implementable & adoptable/deployable webauthn draft with or 
        without credman incorporation, or,

    (2) adding credman dependency now (because it seems we will do it at some 
        point regardless), i.e., merge PR#384 as-is, and hope the resultant 
        fixing/polishing does not take "too long" ?

Tony is suggesting (2).  

in [0] Dirk is arguing that (2) will result in taking "too long", and implies we should do option B plus some renaming.

Though, an option (3) is that we could think things through more thoroughly, convince ourselves option C (below) is the correct thing to do in light of the other below options, and if it is, revise the PR#384 appropriately, then merge. One could argue this will take less time that just merging #384 as-is.  

@mikewest replied to Dirk's points in detail in [3], so we've embarked on option (3) if we hold off on merging. This is what I'd vote for. 

HTH,

=JeffH


details:

Again, the webauthn||credman options [1][2] are:

A. Just Rename (slides 8, 9)
(as noted in the F2F minutes, this is to just "'rename' scopedCredential" such that webauthn (WA) does not use the term 'cedential' in its API)

B. Join credman class hierarchy, keep webauthn methods  (slides 10..14)

C. Join credman (CM) class hierarchy, use CM methods (slides 15..18)

Plus, there is also the status-quo:

D.  Leave credman and webauthn entirely separate for their "level 1" (ie initial version) incarnations (leaves door open to address some sort of merger in level 2 incarnations).


[0] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.w3.org%2FArchives%2FPublic%2Fpublic-webauthn%2F2017Apr%2F0138.html&data=02%7C01%7Ctonynad%40microsoft.com%7C8fa40e78c673482b7eed08d480681726%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274633275970046&sdata=PjQcFrH6YKX2D4Uc0mYDJw8THRmIaQ%2FaCepnx1InDWo%3D&reserved=0


[1] WebAuthn vs Credential Management (@balfanz) <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fpresentation%2Fd%2F1RyfQS3f-Dk7xU8S6pCSBzWl3jGGGrkF1zWkUypVUnik&data=02%7C01%7Ctonynad%40microsoft.com%7C8fa40e78c673482b7eed08d480681726%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636274633275970046&sdata=NCCw7zgoj6p8R20qbFn%2FP9I8uSwzr3zVSVBs1rFiqtI%3D&reserved=0>

[2] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwebauthn%2Fpull%2F384%23issuecomment-292734633&data=02%7C01%7Ctonynad%40microsoft.com%7C8fa40e78c673482b7eed08d480681726%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274633275970046&sdata=33LM5ULKf4s5%2BTwRdf6Iq0DWENH5YU6cy%2F5oxiI4i7g%3D&reserved=0


[3] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.w3.org%2FArchives%2FPublic%2Fpublic-webauthn%2F2017Apr%2F0147.html&data=02%7C01%7Ctonynad%40microsoft.com%7C8fa40e78c673482b7eed08d480681726%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274633275970046&sdata=9Qi%2FOXTyPnDfj3wHbbvoO%2BhGf1kgyFUFEIEyvvOlQJQ%3D&reserved=0

Received on Tuesday, 11 April 2017 02:14:40 UTC