W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: CfC to publish a FPWD of Credential Management; ending April 17th.

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 11 Apr 2015 14:15:07 +0200
Message-ID: <5529104B.6070704@gmail.com>
To: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
CC: Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
On 2015-04-10 22:21, Mike West wrote:
> Hello, lovely WebAppSecians. Remember way back in January when I sent out a pre-CfC to prime the pump for the credential management API[1]? You've probably been checking your inbox daily since then, waiting. Waiting. Waiting.

I don't have any opinion about the FPWD but the prioritization of "nice to have" additions over "there's no other way" features like covering the hole in the web that occurred when the browser-vendors unilaterally decided deprecating plugins like NPAPI and ActiveX without any considerations of the millions of people who actually relied on such.

The recent premature closing of SysApps[1] and failure of WebCrypto.Next[2] indicate that the "true" Web model needs to be revised.

It is not only obscure EU government agencies or banks that use extension schemes, I assume that this cool Intel product does this as well:


1] https://lists.w3.org/Archives/Public/public-sysapps/2015Apr/0000.html

2] https://lists.w3.org/Archives/Public/public-web-security/2015Feb/0034.html

> Well, wait no longer! This is a real call for consensus to publish the following draft of "Credential Management" as a First Public Working Draft:
> https://w3c.github.io/webappsec/specs/credentialmanagement/published/2015-04-FPWD.html
> The document describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use.
> This CfC will end in a week (on the 17th of April). Feedback, positive and negative, to public-webappsec@ is welcome, as are bugs (which you are cordially invited to file at https://github.com/w3c/webappsec/issues/new?title=CREDENTIAL:%20).
> Thanks!
> [1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Jan/0204.html
> --
> Mike West <mkwst@google.com <mailto:mkwst@google.com>>, @mikewest
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Saturday, 11 April 2015 12:15:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC