I don't have a strong opinion as to whether a joint deliverable is the
right way to go or not. It seems like it would just create more work by
forcing a rechartering in WebApps, and the advantages aren't clear to me.
I'd be happy making this part of WebAppSec's charter. Brad is
well-positioned to ensure that we do the right thing with regard to the
aspects of WebCrypto that were interesting (FIDO, etc), and I'm sure we
could figure out good ways to keep the WebApps community involved.
-mike
--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
On Sat, Oct 11, 2014 at 2:49 PM, Arthur Barstow <art.barstow@gmail.com>
wrote:
> On 10/10/14 5:20 AM, Mike West wrote:
>
>> I'm fine with publishing through WebAppSec, as long as the WG is fine
>> with rechartering accordingly. We'd still want to ensure that folks from
>> WebCrypto and WebApps are looped in, of course.
>>
>
> Hi Mike, All,
>
> Regarding `looping in` WebApps, I just wanted to let you know that if a
> tight coupling is desired, the credential API would need to be identified
> as an explicit joint deliverable in all of the relevant WGs' charters. For
> WebApps, which just started a new charter a few months ago, this would
> require a new re-charter effort. And, if there is broad agreement it is
> important for this API to be a joint deliverable with WebApps, then I would
> support that re-chartering.
>
> On the other hand, if a looser coupling (i.e. no explicit joint
> deliverable) is OK, then we can work on out-of-band ways to assure the
> WebApps' community is `looped in`.
>
> -Thanks, AB
>
>