- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Mon, 18 May 2015 23:26:21 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAKaEYhLaCbGv00LxRZQEMONgGkuoq0T8rp-ni1KrbpKe4u_jiw@mail.gmail.com>
On 18 May 2015 at 22:12, Manu Sporny <msporny@digitalbazaar.com> wrote: > Just keeping this group in the loop wrt. WebAppSec and credentials. > > The discussion with the Web Application Security WG is ongoing. We just > had a telecon today[1] (search for "manu") about a status update related > to harmonizing same-origin and cross-origin credentials: > > https://lists.w3.org/Archives/Public/public-webappsec/2015May/0101.html > > In general, here's where we are: > > 1. The Credentials Management API has an extensibility mechanism, and > we assert that the future Web Payments IG/WG and Credentials CG/WG > work would like to use it. > 2. We don't know if this extensibility mechanism will work for > cross-origin credentials, which will more than likely be a hard > requirement for the future Web Payments IG/WG and Credentials CG/WG. > 3. We don't want the future Web Payments IG/WG and Credentials CG/WG > to effectively duplicate the work done in this group because the > extensibility mechanism doesn't work for them. > 4. We're working on getting a concrete but drafty cross-origin > extension done in the Credentials CG by the end of this week. > 5. We don't want WebAppSec to take on work they're not chartered to do. > Great work Manu re: "It is likely that cross-origin credentials are going to be a hard requirement when the Web Payments WG" Totally agree. > > -- manu > > [1] http://www.w3.org/2015/05/18-webappsec-minutes.html > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: High-Stakes Credentials and Web Login > http://manu.sporny.org/2014/identity-credentials/ > >
Received on Monday, 18 May 2015 21:26:49 UTC