Re: Technical Review of WebAppSec Credential Management API [2/3] (was Re: Overlap with Credentials/Web Payments CG)

@Jeffrey - I know some breaking cases; will create a demo test and update.

On 14 April 2015 at 16:21, Jeffrey Yasskin <jyasskin@google.com> wrote:

> On Mon, Apr 13, 2015 at 10:20 PM, Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>>
>> > * Not having the ability to sync credentials between different
>> > browsers removes features that people depend on from today's
>> > managers (like LastPass) that allow you to do this. This makes the
>> > proposed solution worse than the current solution.
>>
>> Applications like LastPass use a server-side component to enable you to
>> sync credentials between different browser brands. I don't see anything
>> like this in the current spec. Worse, it looks like the current spec is
>> going to put companies like LastPass out of business (if the spec
>> doesn't allow them to inject navigator.credentials).
>>
>> Does the spec provide a suggestion on allowing browser extensions to
>> override navigator.credentials? If it does, are the security
>> ramifications of doing so detailed anywhere? If it doesn't, isn't it
>> making the state of the art worse by removing the ability to share
>> credentials across multiple browser brands?
>>
>
> Are you familiar with the way LastPass currently integrates with Chrome to
> act as a password manager? I believe the technique it currently uses will
> work at least as well when there's just one JavaScript API through which
> all passwords pass. If you think it doesn't work, can you point out the
> exact place it breaks down?
>
> Jeffrey
>

Received on Tuesday, 14 April 2015 16:50:43 UTC