RE: Looking for a home for a proposed Credential Management API.

Dear Mike, and all,
What kind of skills do you think this API should benefit?
Good web app dev and architects, security nerds, or crypto people. This may also ease the specification deployment, if it lands in a WG with the right skilled people.
My 2 cents,
Virginie

-----Original Message-----
From: Harry Halpin [mailto:hhalpin@w3.org]
Sent: Wednesday, 24 September 2014 16:01
To: Mike West; Brad Hill; Dan Veditz; chaals@yandex-team.ru; GALINDO Virginie; Webapps WG
Cc: Jonas Sicking; plh@w3.org; ylafon@w3.org; xiaoqian@w3.org; Wendy Seltzer
Subject: Re: Looking for a home for a proposed Credential Management API.


On 09/24/2014 03:57 PM, Mike West wrote:
> (I'd originally sent this just to the folks on to: and cc:. Art
> reminded me that public is better, so I'm resending to
> public-webapps@, and BCCing public-webappsec@ for visibility).
>
> Hello, chairs of the WebApps, WebAppSec, and WebCrypto WGs!
>
> On Friday, I had an encouraging discussion with Jonas Sicking
> (CC'd) about the Credential Management API proposed a month or so ago
> on WebApps ( http://mikewest.github.io/credentialmanagement/spec/).
> Chrome has started experimenting with an implementation, and though
> we're nowhere near even considering shipping it, I'd like to make sure
> that our implementation doesn't get too far out ahead of the spec
> process.
>
> I think it's fair to say that Mozilla is interested in continuing the
> discussion around the short-term and long-term goals of such an API in
> an appropriate venue. I'd like your collective opinion about what that
> venue might be. WebApps seems like the right place just in terms of
> having the right people involved. It would require a recharter,
> however, and it's not clear to me that that would be a worthwhile use
> of folks' time.
>
> Both WebCrypto and WebAppSec are in the process of rechartering, which
> resolves that potential issue, but neither really seems to be
> appropriate, as they're concerned with aspects other than credentials
> and authentication.
>
> There's a credentials community group that has nothing to do with the
> proposal, and given the weak IPR protections of a CG, I'd prefer to
> avoid them in the long run (though they might be the right place for
> short-term incubation).
>
> Brad suggested that an authentication WG might be spun up out of the
> conversations in the recent WebCrypto workshop. Are there concrete
> plans for such a group?

We've just started those discussions. A "high-level" authentication API was brought up as a possible deliverable and this looks on the right level. Whether or not it goes in WebAppSec or WebCrypto or a new WG is up in the air - the discussion *just* started.

The Google folks there also wanted to make sure this dovetailed with their work on U2F in FIDO and of course later work in UAF, so we were kinda waiting for them to make that public.
>
> Thanks!
>
> -mike
>
> -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter:
> @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Court of registration and number: Hamburg, HRB 86891. Registered
> office: Hamburg. Managing directors: Graham Law, Christine Elizabeth
> Flores (Sorry; I'm legally required to add this exciting detail to
> emails. Bleh.)
>

Received on Monday, 29 September 2014 07:34:16 UTC