- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 11 Apr 2015 06:49:55 +0200
- To: Adrian Hope-Bailie <adrian@hopebailie.com>, W3C Credentials Community Group <public-credentials@w3.org>
On 2015-04-10 23:09, Adrian Hope-Bailie wrote: > Cross-post from WebAppSec IMO, this is a dead duck because: - The problem is not that big - It requires a lot of browser underpinnings - Cookies appear to do this job fairly well already It is a pity that Google haven't spent any time on solving the communication between the browser and local applications since this is a "hard" interface which cannot be polyfilled. Currently Google have only managed deprecating or are planning to cripple such solutions while projects putting sensitive resources in the Open Web (=browser) seems to fail all the time like "WebCrypto.Next for smart cards" and the recently closed SysApps. The Open Web needs a product management which is more interested in PRACTICAL solutions rather than running Jihad against Android, iOS and Windows. COMBINING these layers is simply put, good use of existing engineering resources and also enables innovation by third-parties. Anders > > ---------- Forwarded message ---------- > From: *Mike West* <mkwst@google.com <mailto:mkwst@google.com>> > Date: 10 April 2015 at 21:21 > Subject: CfC to publish a FPWD of Credential Management; ending April 17th. > To: "public-webappsec@w3.org <mailto:public-webappsec@w3.org>" <public-webappsec@w3.org <mailto:public-webappsec@w3.org>> > Cc: Brad Hill <hillbrad@gmail.com <mailto:hillbrad@gmail.com>>, Dan Veditz <dveditz@mozilla.com <mailto:dveditz@mozilla.com>>, Wendy Seltzer <wseltzer@w3.org <mailto:wseltzer@w3.org>> > > > Hello, lovely WebAppSecians. Remember way back in January when I sent out a pre-CfC to prime the pump for the credential management API[1]? You've probably been checking your inbox daily since then, waiting. Waiting. Waiting. > > Well, wait no longer! This is a real call for consensus to publish the following draft of "Credential Management" as a First Public Working Draft: > > https://w3c.github.io/webappsec/specs/credentialmanagement/published/2015-04-FPWD.html > > The document describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use. > > This CfC will end in a week (on the 17th of April). Feedback, positive and negative, to public-webappsec@ is welcome, as are bugs (which you are cordially invited to file at https://github.com/w3c/webappsec/issues/new?title=CREDENTIAL:%20). > > Thanks! > > [1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Jan/0204.html > > -- > Mike West <mkwst@google.com <mailto:mkwst@google.com>>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >
Received on Saturday, 11 April 2015 04:50:26 UTC