- From: Jonathan Kingston <jonathan@jooped.com>
- Date: Mon, 13 Apr 2015 19:31:57 +0100
- To: Mike West <mkwst@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
- Message-ID: <CAKrjaaWUzUwcWmGZyVSqhnXPLK4y0n0QCeH2F8f33gSnzOPdsw@mail.gmail.com>
Is there any motivation to add in hooks to other credential management systems outside the browser at all? It seems as if credential management systems like LastPass would benefit from all the advantages you are setting out here. It seems like extensions could hook into a standard API much like they currently do for geolocation etc. Also I started the following test site the other day for this exact reason to improve the usability of password generators: password-generation-test-cases.herokuapp.com The AJAX form submission and saving of passwords would be resolved with this specification (Assuming the API is used. - I can add a test case there when the API solidifies). However the other remaining item is supporting password generation restrictions like 25+ chars minimum, is this something that would belong in this specification? It could hang odd the pattern attribute of form fields. Thanks for submitting this. On 10 April 2015 at 21:21, Mike West <mkwst@google.com> wrote: > Hello, lovely WebAppSecians. Remember way back in January when I sent out > a pre-CfC to prime the pump for the credential management API[1]? You've > probably been checking your inbox daily since then, waiting. Waiting. > Waiting. > > Well, wait no longer! This is a real call for consensus to publish the > following draft of "Credential Management" as a First Public Working Draft: > > > https://w3c.github.io/webappsec/specs/credentialmanagement/published/2015-04-FPWD.html > > The document describes an imperative API enabling a website to request a > user’s credentials from a user agent, and to help the user agent correctly > store user credentials for future use. > > This CfC will end in a week (on the 17th of April). Feedback, positive and > negative, to public-webappsec@ is welcome, as are bugs (which you are > cordially invited to file at > https://github.com/w3c/webappsec/issues/new?title=CREDENTIAL:%20). > > Thanks! > > [1]: > https://lists.w3.org/Archives/Public/public-webappsec/2015Jan/0204.html > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >
Received on Monday, 13 April 2015 18:32:26 UTC