W3C home > Mailing lists > Public > public-web-security@w3.org > October 2014

Re: New security fetaure : Looking for a home for a proposed Credential Management API.

From: Mike West <mkwst@google.com>
Date: Mon, 13 Oct 2014 09:37:42 +0200
Message-ID: <CAKXHy=eBzcehy7qXE0QeXTWh2-kptM9h-UbT9Dj8LmR0EbX0vA@mail.gmail.com>
To: Arthur Barstow <art.barstow@gmail.com>
Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Richard Barnes <rlb@ipv.sx>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Harry Halpin <hhalpin@w3.org>, Dan Veditz <dveditz@mozilla.com>
I don't have a strong opinion as to whether a joint deliverable is the
right way to go or not. It seems like it would just create more work by
forcing a rechartering in WebApps, and the advantages aren't clear to me.

I'd be happy making this part of WebAppSec's charter. Brad is
well-positioned to ensure that we do the right thing with regard to the
aspects of WebCrypto that were interesting (FIDO, etc), and I'm sure we
could figure out good ways to keep the WebApps community involved.

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Sat, Oct 11, 2014 at 2:49 PM, Arthur Barstow <art.barstow@gmail.com>
wrote:

> On 10/10/14 5:20 AM, Mike West wrote:
>
>> I'm fine with publishing through WebAppSec, as long as the WG is fine
>> with rechartering accordingly. We'd still want to ensure that folks from
>> WebCrypto and WebApps are looped in, of course.
>>
>
> Hi Mike, All,
>
> Regarding `looping in` WebApps, I just wanted to let you know that if a
> tight coupling is desired, the credential API would need to be identified
> as an explicit joint deliverable in all of the relevant WGs' charters. For
> WebApps, which just started a new charter a few months ago, this would
> require a new re-charter effort. And, if there is broad agreement it is
> important for this API to be a joint deliverable with WebApps, then I would
> support that re-chartering.
>
> On the other hand, if a looser coupling (i.e. no explicit joint
> deliverable) is OK, then we can work on out-of-band ways to assure the
> WebApps' community is `looped in`.
>
> -Thanks, AB
>
>
Received on Monday, 13 October 2014 07:38:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:33 UTC