- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Wed, 15 Apr 2015 11:31:42 -0400
- To: Janusz Majnert <jmajnert@gmail.com>, Adrian Hope-Bailie <adrian@hopebailie.com>
- CC: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 04/15/2015 11:02 AM, Janusz Majnert wrote: > 2015-04-15 15:08 GMT+02:00 Adrian Hope-Bailie <adrian@hopebailie.com>: >> But we need to concentrate on showing what the specific issues are and >> how they can be addressed. It would be great if concerned members of >> Credential and Web Payments CGs could raise issues on github instead >> of reiterating the same points in lengthy emails :-) >> >> +1 again, however the call for consensus closes in 2 days. >> As far as I know there are a number of people working on providing just that >> feedback but they simply require some more time. >> As I asked in a previous email; would it help for a member/members of these >> groups to join the WebAppSec WG in order to provide a voice from that >> corner? >> I am happy to do so if required but have not had feedback on this yet. >> >> My original email on this thread was a proposal that the groups be given >> time to pull down the latest polyfill code and demos and actually attempt to >> run through some use cases as a basis for logging issues in GitHub. >> That email has had no response... > If you're talking about use cases defined for Credential Management > API, then this feedback can be given after FPWD is published. If on > the other hand you're talking about use cases sought after in the CGs, > then the overlap is minimal. This API is not attempting to solve CGs' > use cases. That may be so, but this API also mentions future work. That's the point of conflict. Defining a "Credential Management API" that uses "Credentials" and indicates that there's future work in those areas is what drew in the Credentials CG and Web Payments IG to comment. As you mentioned earlier, I do think we could resolve these conflicts by renaming the spec to "Password Management API". Though, I think changing the name "Credential" to "Identity" would still cause conflict with the Credentials CG as we also use that term (something else would likely be fine). That being said, I agree with Adrian that there could be a much greater upside if we work together to make minimal changes to the API and fill out the future work section in the spec with some of what the Credentials CG is working on (at least at a high level). -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Wednesday, 15 April 2015 15:32:07 UTC