W3C home > Mailing lists > Public > public-credentials@w3.org > May 2015

Re: Harmonizing same-origin and cross-origin credentials

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 18 May 2015 23:26:21 +0200
Message-ID: <CAKaEYhLaCbGv00LxRZQEMONgGkuoq0T8rp-ni1KrbpKe4u_jiw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>
On 18 May 2015 at 22:12, Manu Sporny <msporny@digitalbazaar.com> wrote:

> Just keeping this group in the loop wrt. WebAppSec and credentials.
> The discussion with the Web Application Security WG is ongoing. We just
> had a telecon today[1] (search for "manu") about a status update related
> to harmonizing same-origin and cross-origin credentials:
> https://lists.w3.org/Archives/Public/public-webappsec/2015May/0101.html
> In general, here's where we are:
> 1. The Credentials Management API has an extensibility mechanism, and
>    we assert that the future Web Payments IG/WG and Credentials CG/WG
>    work would like to use it.
> 2. We don't know if this extensibility mechanism will work for
>    cross-origin credentials, which will more than likely be a hard
>    requirement for the future Web Payments IG/WG and Credentials CG/WG.
> 3. We don't want the future Web Payments IG/WG and Credentials CG/WG
>    to effectively duplicate the work done in this group because the
>    extensibility mechanism doesn't work for them.
> 4. We're working on getting a concrete but drafty cross-origin
>    extension done in the Credentials CG by the end of this week.
> 5. We don't want WebAppSec to take on work they're not chartered to do.

Great work Manu

re: "It is likely that cross-origin credentials are going to be a hard
requirement when the Web Payments WG"

Totally agree.

> -- manu
> [1] http://www.w3.org/2015/05/18-webappsec-minutes.html
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: High-Stakes Credentials and Web Login
> http://manu.sporny.org/2014/identity-credentials/
Received on Monday, 18 May 2015 21:26:49 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:39 UTC