I don't have a strong opinion as to whether a joint deliverable is the right way to go or not. It seems like it would just create more work by forcing a rechartering in WebApps, and the advantages aren't clear to me. I'd be happy making this part of WebAppSec's charter. Brad is well-positioned to ensure that we do the right thing with regard to the aspects of WebCrypto that were interesting (FIDO, etc), and I'm sure we could figure out good ways to keep the WebApps community involved. -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Sat, Oct 11, 2014 at 2:49 PM, Arthur Barstow <art.barstow@gmail.com> wrote: > On 10/10/14 5:20 AM, Mike West wrote: > >> I'm fine with publishing through WebAppSec, as long as the WG is fine >> with rechartering accordingly. We'd still want to ensure that folks from >> WebCrypto and WebApps are looped in, of course. >> > > Hi Mike, All, > > Regarding `looping in` WebApps, I just wanted to let you know that if a > tight coupling is desired, the credential API would need to be identified > as an explicit joint deliverable in all of the relevant WGs' charters. For > WebApps, which just started a new charter a few months ago, this would > require a new re-charter effort. And, if there is broad agreement it is > important for this API to be a joint deliverable with WebApps, then I would > support that re-chartering. > > On the other hand, if a looser coupling (i.e. no explicit joint > deliverable) is OK, then we can work on out-of-band ways to assure the > WebApps' community is `looped in`. > > -Thanks, AB > >
Received on Monday, 13 October 2014 07:38:30 UTC