- From: Arthur Barstow <art.barstow@gmail.com>
- Date: Fri, 26 Sep 2014 13:39:29 -0400
- To: Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Virginie.Galindo@gemalto.com, Webapps WG <public-webapps@w3.org>
- CC: Wendy Seltzer <wseltzer@w3.org>, Adam Barth <w3c@adambarth.com>
On 9/24/14 10:00 AM, Harry Halpin wrote: > On 09/24/2014 03:57 PM, Mike West wrote: >> (I'd originally sent this just to the folks on to: and cc:. Art >> reminded me that public is better, so I'm resending to >> public-webapps@, and BCCing public-webappsec@ for visibility). >> >> Hello, chairs of the WebApps, WebAppSec, and WebCrypto WGs! >> >> On Friday, I had an encouraging discussion with Jonas Sicking >> (CC'd) about the Credential Management API proposed a month or so >> ago on WebApps ( >> http://mikewest.github.io/credentialmanagement/spec/). Chrome has >> started experimenting with an implementation, and though we're >> nowhere near even considering shipping it, I'd like to make sure >> that our implementation doesn't get too far out ahead of the spec >> process. >> >> I think it's fair to say that Mozilla is interested in continuing >> the discussion around the short-term and long-term goals of such an >> API in an appropriate venue. I'd like your collective opinion about >> what that venue might be. WebApps seems like the right place just >> in terms of having the right people involved. It would require a >> recharter, however, and it's not clear to me that that would be a >> worthwhile use of folks' time. >> >> Both WebCrypto and WebAppSec are in the process of rechartering, >> which resolves that potential issue, but neither really seems to be >> appropriate, as they're concerned with aspects other than >> credentials and authentication. >> >> There's a credentials community group that has nothing to do with >> the proposal, and given the weak IPR protections of a CG, I'd >> prefer to avoid them in the long run (though they might be the >> right place for short-term incubation). >> >> Brad suggested that an authentication WG might be spun up out of >> the conversations in the recent WebCrypto workshop. Are there >> concrete plans for such a group? > We've just started those discussions. A "high-level" authentication > API was brought up as a possible deliverable and this looks on the > right level. Whether or not it goes in WebAppSec or WebCrypto or a new > WG is up in the air - the discussion *just* started. > > The Google folks there also wanted to make sure this dovetailed with > their work on U2F in FIDO and of course later work in UAF, so we were > kinda waiting for them to make that public. Hi Mike, While some of these longer term options Harry mentioned are sorted out, are you looking for a more immediate place to discuss your proposal? If so, although I am currently mostly indifferent as to which existing list to use, I don't object to using p-webapps. That said, perhaps the Security IG list would be more appropriate (since I think it has an implicit `coordination` function). Virginie, Adam - any feedback on the IG being a temporary home for Mike's proposal? Another option would be to create a new a new CG (although I suppose there could be some confusion with Manu's Credentials CG <http://www.w3.org/community/credentials/>). -AB
Received on Friday, 26 September 2014 17:39:59 UTC