
Re: Looking for a home for a proposed Credential Management API.

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 24 Sep 2014 16:00:33 +0200
Message-ID: <5422CE81.5080301@w3.org>
To: Mike West <mkwst@google.com>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, chaals@yandex-team.ru, Virginie.Galindo@gemalto.com, Webapps WG <public-webapps@w3.org>
CC: Jonas Sicking <sicking@mozilla.com>, plh@w3.org, ylafon@w3.org, xiaoqian@w3.org, Wendy Seltzer <wseltzer@w3.org>

On 09/24/2014 03:57 PM, Mike West wrote:
> (I'd originally sent this just to the folks on to: and cc:. Art
> reminded me that public is better, so I'm resending to
> public-webapps@, and BCCing public-webappsec@ for visibility).
>
> Hello, chairs of the WebApps, WebAppSec, and WebCrypto WGs!
>
> On Friday, I had an encouraging discussion with Jonas Sicking
> (CC'd) about the Credential Management API proposed a month or so
> ago on WebApps (
> http://mikewest.github.io/credentialmanagement/spec/). Chrome has
> started experimenting with an implementation, and though we're
> nowhere near even considering shipping it, I'd like to make sure
> that our implementation doesn't get too far out ahead of the spec
> process.
>
> I think it's fair to say that Mozilla is interested in continuing
> the discussion around the short-term and long-term goals of such an
> API in an appropriate venue. I'd like your collective opinion about
> what that venue might be. WebApps seems like the right place just
> in terms of having the right people involved. It would require a
> recharter, however, and it's not clear to me that that would be a
> worthwhile use of folks' time.
>
> Both WebCrypto and WebAppSec are in the process of rechartering,
> which resolves that potential issue, but neither really seems to be
> appropriate, as they're concerned with aspects other than
> credentials and authentication.
>
> There's a credentials community group that has nothing to do with
> the proposal, and given the weak IPR protections of a CG, I'd
> prefer to avoid them in the long run (though they might be the
> right place for short-term incubation).
>
> Brad suggested that an authentication WG might be spun up out of
> the conversations in the recent WebCrypto workshop. Are there
> concrete plans for such a group?

We've just started those discussions. A "high-level" authentication
API was brought up as a possible deliverable and this looks on the
right level. Whether or not it goes in WebAppSec or WebCrypto or a new
WG is up in the air - the discussion *just* started.

The Google folks there also wanted to make sure this dovetailed with
their work on U2F in FIDO and of course later work in UAF, so we were
kinda waiting for them to make that public.

> Thanks!
> -mike
> -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter:
> @mikewest, Cell: +49 162 10 255 91
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany 
> Registergericht und -nummer: Hamburg, HRB 86891 Sitz der
> Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine
> Elizabeth Flores (Sorry; I'm legally required to add this exciting
> detail to emails. Bleh.)

Received on Wednesday, 24 September 2014 14:00:42 UTC
