Re: WebAuthn and Credential Management

Hi, Philippe!

I'm confident that the Credential Management spec isn't going to change
shape at this point. We do intend to split the document into a core
infrastructure spec which will live under the existing shortname, and a
spec for the specific credential types which the document currently
defines. WebAuthn relies entirely on the former, and not at all on the
latter, which is good both because it means your links won't break, and
because the former is solidly baked and shipping ~everywhere.

I can't do that split by Thursday, but republishing the working draft might
be possible. I'm traveling at the moment, and don't have access to my
desktop with the tiny script I used to republish WDs, but I'll try to
remember how it worked well enough to do it from here today. If I can't get
that working, I'll ask you to help. :)

-mike


On Mon, Jan 14, 2019 at 10:45 AM Philippe Le Hégaret <plh@w3.org> wrote:

> Hi Mike,
>
>
> The Web Auth Working Group is ready to publish its proposed
> recommendation for WebAuthn but it needs assurances that the Credential
> Management spec, as used in WebAuthn, won't change substantially.
>
> You can see the list of interfaces/methods/concept used by WebAuthn in:
>    https://w3c.github.io/webauthn/#index-defined-elsewhere
>
> Using your editor hat (and WebAppSec co-chair), can you confirm if those
> referenced parts are stable? Many of those parts have being used in the
> WebAuthn test suite.
>
> One referenced concept:
>
>
> https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors
>
> isn't part of the published Working Draft:
>   https://www.w3.org/TR/credential-management-1/#core-infrastructure
>
> In addition, would it be possible to update the Working Draft this
> upcoming Thursday (I'm happy to help with that if needed)?
>
> Thank you,
>
> Philippe
>
>