Re: Fwd: CfC to publish a FPWD of Credential Management; ending April 17th.

On 2015-04-10 23:09, Adrian Hope-Bailie wrote:
> Cross-post from WebAppSec

IMO, this is a dead duck because:

- The problem is not that big
- It requires a lot of browser underpinnings
- Cookies appear to do this job fairly well already

It is a pity that Google haven't spent any time on solving the communication
between the browser and local applications since this is a "hard" interface
which cannot be polyfilled.  Currently Google have only managed deprecating or
are planning to cripple such solutions while projects putting sensitive resources
in the Open Web (=browser) seems to fail all the time like "WebCrypto.Next for smart cards"
and the recently closed SysApps.

The Open Web needs a product management which is more interested in PRACTICAL
solutions rather than running Jihad against Android, iOS and Windows.  COMBINING
these layers is simply put, good use of existing engineering resources and also
enables innovation by third-parties.


> ---------- Forwarded message ----------
> From: *Mike West* < <>>
> Date: 10 April 2015 at 21:21
> Subject: CfC to publish a FPWD of Credential Management; ending April 17th.
> To: " <>" < <>>
> Cc: Brad Hill < <>>, Dan Veditz < <>>, Wendy Seltzer < <>>
> Hello, lovely WebAppSecians. Remember way back in January when I sent out a pre-CfC to prime the pump for the credential management API[1]? You've probably been checking your inbox daily since then, waiting. Waiting. Waiting.
> Well, wait no longer! This is a real call for consensus to publish the following draft of "Credential Management" as a First Public Working Draft:
> The document describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use.
> This CfC will end in a week (on the 17th of April). Feedback, positive and negative, to public-webappsec@ is welcome, as are bugs (which you are cordially invited to file at
> Thanks!
> [1]:
> --
> Mike West < <>>, @mikewest
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Saturday, 11 April 2015 04:50:26 UTC