- From: Harry Halpin <hhalpin@w3.org>
- Date: Wed, 24 Sep 2014 16:00:33 +0200
- To: Mike West <mkwst@google.com>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, chaals@yandex-team.ru, Virginie.Galindo@gemalto.com, Webapps WG <public-webapps@w3.org>
- CC: Jonas Sicking <sicking@mozilla.com>, plh@w3.org, ylafon@w3.org, xiaoqian@w3.org, Wendy Seltzer <wseltzer@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/24/2014 03:57 PM, Mike West wrote: > (I'd originally sent this just to the folks on to: and cc:. Art > reminded me that public is better, so I'm resending to > public-webapps@, and BCCing public-webappsec@ for visibility). > > Hello, chairs of the WebApps, WebAppSec, and WebCrypto WGs! > > On Friday, I had an encouraging discussion with Jonas Sicking > (CC'd) about the Credential Management API proposed a month or so > ago on WebApps ( > http://mikewest.github.io/credentialmanagement/spec/). Chrome has > started experimenting with an implementation, and though we're > nowhere near even considering shipping it, I'd like to make sure > that our implementation doesn't get too far out ahead of the spec > process. > > I think it's fair to say that Mozilla is interested in continuing > the discussion around the short-term and long-term goals of such an > API in an appropriate venue. I'd like your collective opinion about > what that venue might be. WebApps seems like the right place just > in terms of having the right people involved. It would require a > recharter, however, and it's not clear to me that that would be a > worthwhile use of folks' time. > > Both WebCrypto and WebAppSec are in the process of rechartering, > which resolves that potential issue, but neither really seems to be > appropriate, as they're concerned with aspects other than > credentials and authentication. > > There's a credentials community group that has nothing to do with > the proposal, and given the weak IPR protections of a CG, I'd > prefer to avoid them in the long run (though they might be the > right place for short-term incubation). > > Brad suggested that an authentication WG might be spun up out of > the conversations in the recent WebCrypto workshop. Are there > concrete plans for such a group? We've just started those discussions. A "high-level" authentication API was brought up as a possible deliverable and this looks on the right level. Whether or not it goes in WebAppSec or WebCrypto or a new WG is up in the air - the discussion *just* started. The Google folks there also wanted to make sure this dovetailed with their work on U2F in FIDO and of course later work in UAF, so we were kinda waiting for them to make that public. > > Thanks! > > -mike > > -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: > @mikewest, Cell: +49 162 10 255 91 > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany > Registergericht und -nummer: Hamburg, HRB 86891 Sitz der > Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine > Elizabeth Flores (Sorry; I'm legally required to add this exciting > detail to emails. Bleh.) > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJUIs6BAAoJEPgwUoSfMzqcmLsQALcM8k3KX+eB04aHTBH+7+UY jjDYIxs8mVEJIHj3CYRyz+n4s5w9Zck2FaPbrR37Qanb8Cx+rInOqh25U3n7Hnaq cV9h81yJM9W6XG/HpeF7iBpmpIIfvBcmOXFRTklOwgrdQE8Lg5UmdesKJ5fkjZBh LIL6tKM3j5Plze8ThJEO6cisSF1uu+x143Ue8e1SCyeB8PgYnUCrfNZoiHbTkXvN d7s0oAjLqU1kvHXP6u5HNCUkNB9TlbBTXS8+Szswy3pfLf22+YPy6eotODyEqvRn lPbQ4nrr/sYz6k5r9/vGDp3wX3tkPfWLEPFf1o/ljvXASYT0xiy3FVub/9862fT7 Hoff/Kzp8Gq6Urh9rJaJ6azmxwpUcur1LmASxBsJ8It5sBHk5FoxdAbJ8Keic/wt 7QFYnUQlPShyyfSZz43MWuRyl41TBxwZdhlZztGr8QppuaiH+AyWj5RCuwblBvaq rt6sNOpOONKD5z2tWJkFQrKm6FEgob3jCECEulNdVr8smmIEVqJquLOqYayLIqvn Sw2QTkhxEht5gMg+Udgfl+jb+/bSq6YYo13zDNVVVmiD/ldcKMvzxVeaxBXf28rs jy0Yde0PCybMxSZ3RHLs8j8r7zV3PkW0icLHPS4YPt0U+eJ7lNjUzCG9YaItcqtI rcIEnvSLfuMJBaczdJc0 =iM70 -----END PGP SIGNATURE-----
Received on Wednesday, 24 September 2014 14:00:42 UTC