- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 18 May 2015 16:12:50 -0400
- To: Credentials Community Group <public-credentials@w3.org>
Just keeping this group in the loop wrt. WebAppSec and credentials. The discussion with the Web Application Security WG is ongoing. We just had a telecon today[1] (search for "manu") about a status update related to harmonizing same-origin and cross-origin credentials: https://lists.w3.org/Archives/Public/public-webappsec/2015May/0101.html In general, here's where we are: 1. The Credentials Management API has an extensibility mechanism, and we assert that the future Web Payments IG/WG and Credentials CG/WG work would like to use it. 2. We don't know if this extensibility mechanism will work for cross-origin credentials, which will more than likely be a hard requirement for the future Web Payments IG/WG and Credentials CG/WG. 3. We don't want the future Web Payments IG/WG and Credentials CG/WG to effectively duplicate the work done in this group because the extensibility mechanism doesn't work for them. 4. We're working on getting a concrete but drafty cross-origin extension done in the Credentials CG by the end of this week. 5. We don't want WebAppSec to take on work they're not chartered to do. -- manu [1] http://www.w3.org/2015/05/18-webappsec-minutes.html -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: High-Stakes Credentials and Web Login http://manu.sporny.org/2014/identity-credentials/
Received on Monday, 18 May 2015 20:13:13 UTC