- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Wed, 15 Apr 2015 00:27:24 +1000
- To: Brad Hill <hillbrad@gmail.com>
- Cc: Wendy Seltzer <wseltzer@w3.org>, Mike West <mkwst@google.com>, Manu Sporny <msporny@digitalbazaar.com>, Dan Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Credentials Community Group <public-credentials@w3.org>, Web Payments IG <public-webpayments-ig@w3.org>
- Message-ID: <CAM1Sok1FARJX8o4O32fBN-brB-NWWHht6+xvt_44V8E2Z=epsw@mail.gmail.com>
are there any relevant patents and/or other forms of IPR that should be declared? On 14 April 2015 at 03:23, Brad Hill <hillbrad@gmail.com> wrote: > Manu, > > Before you continue tossing around threats of Formal Objections, I'll > suggest you refer the process document: > > http://www.w3.org/2014/Process-20140801/ > > "An individual who registers a Formal Objection SHOULD cite technical > arguments and propose changes that would remove the Formal Objection; these > proposals MAY be vague or incomplete. Formal Objections that do not > provide substantive arguments or rationale are unlikely to receive serious > consideration by the Director." > > I hope you will at least do this group the courtesy of the same: a > substantive technical rationale for the objection and proposals for changes > (within the chartered scope of this WG: > http://www.w3.org/2015/03/webappsec-charter-2015.html) that would remove > the objection, and give us an opportunity to respond to those suggestions. > > Credential is a very overloaded term, as the CG's executive summary > document makes abundantly clear. The concrete problem of improving the > reliability, functionality and security of management tools for > username/password and federated credentials - tools that are in wide > deployment today - is real and pressing, and that is what we put in the > scope of our charter. > > As the Credentials CG summary seems to consider 'credentials' as > potentially including payment instruments, identities, verifiable age > claims, and more, and there is no technical report giving any technical > details of how such would be represented, it seems impossible to judge at > this time whether this specification would accommodate those concerns or > not, or whether the use case scenarios even overlap (automatically applying > a username/password for login is quite different than automatically > applying a payment instrument!) without further clarification. > > thank you, > > Brad Hill > Co-Chair, WebAppSec WG > > On Mon, Apr 13, 2015 at 6:01 AM Wendy Seltzer <wseltzer@w3.org> wrote: > >> On 04/13/2015 04:45 AM, Mike West wrote: >> > (Forking the thread for clarity) >> > >> > Hi Manu! >> > >> > I've put forward this draft of the credential management spec in order >> to >> > seek exactly this sort of feedback from developers. If there are indeed >> > technical deficiencies in the spec that make it unsuitable for use cases >> > that we ought to support, then we certainly need to change it. >> > >> > Indeed, the API proposed in this document is intended to be fairly >> generic >> > (it has ~2 methods) and extensible (by subclassing `Credential`) so as >> not >> > to block future innovation. It would be helpful to understand how >> exactly >> > it blocks you from doing the work you'd like to be doing. >> > >> > On Mon, Apr 13, 2015 at 3:44 AM, Manu Sporny <msporny@digitalbazaar.com >> > >> > wrote: >> > >> >> On 04/10/2015 04:21 PM, Mike West wrote: >> >>> Well, wait no longer! This is a real call for consensus to publish >> >>> the following draft of "Credential Management" as a First Public >> >>> Working Draft: >> >> >> >> -1, the spec completely ignores the very substantial work going on in >> >> the Credentials CG and the Web Payments IG that is related to the API >> >> you're proposing. >> >> >> > >> > Perhaps the word "credentials" is causing problems; after skimming the >> > documents you pointed to, I don't see significant overlap between this >> spec >> > and those groups. Is your concern that we're co-opting the term? Or is >> > there something deeper? >> >> Apart from using a common term differently, I don't see much overlap and >> hence potential conflict between the different pieces of work. Mike's >> WebAppSec draft is certainly not asserting that it is the sole source of >> meaning for the term "credential," nor is it saying that web users could >> not request or express richer credentials. >> >> > >> > I suggest the Web AppSec Chairs start coordinating w/ the Web Payments >> >> IG and the Credentials CG before proposing the publication of this >> FPWD. >> >> >> > >> > +Brad, Dan, Wendy. >> >> I'll join this morning's Web Payments IG call and am happy to work to >> help resolve the disagreement. >> >> --Wendy >> >> > >> > -- >> > Mike West <mkwst@google.com>, @mikewest >> > >> > Google Germany GmbH, Dienerstrasse 12, 80331 München, >> > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der >> > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth >> > Flores >> > (Sorry; I'm legally required to add this exciting detail to emails. >> Bleh.) >> > >> >> >> -- >> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) >> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) >> http://wendy.seltzer.org/ +1.617.863.0613 (mobile) >> >>
Received on Tuesday, 14 April 2015 14:28:17 UTC