W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Overlap with Credentials/Web Payments CG (was Re: CfC to publish a FPWD of Credential Management; ending April 17th.)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Wed, 15 Apr 2015 15:08:01 +0200
Message-ID: <CA+eFz_+EHBh5sxQTAex9mLhfzJzmKSP0RtdET1H5NSBbwdyYAw@mail.gmail.com>
To: Janusz Majnert <jmajnert@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
But we need to concentrate on showing what the specific issues are and
how they can be addressed. It would be great if concerned members of
Credential and Web Payments CGs could raise issues on github instead
of reiterating the same points in lengthy emails :-)

+1 again, however the call for consensus closes in 2 days.
As far as I know there are a number of people working on providing just
that feedback but they simply require some more time.
As I asked in a previous email; would it help for a member/members of these
groups to join the WebAppSec WG in order to provide a voice from that
corner?
I am happy to do so if required but have not had feedback on this yet.

My original email on this thread was a proposal that the groups be given
time to pull down the latest polyfill code and demos and actually attempt
to run through some use cases as a basis for logging issues in GitHub.
That email has had no response...


On 15 April 2015 at 14:57, Janusz Majnert <jmajnert@gmail.com> wrote:

> 2015-04-15 14:39 GMT+02:00 Adrian Hope-Bailie <adrian@hopebailie.com>:
> > I think that at this point it should be no problem for
> > WebAppSec to rename the Credential Management API to something like
> > "Password Manager API". The interfaces could use "identity" instead of
> > "credential"?
> >
> > +1 as a start.
> > However this does miss the opportunity for the spec to be specifically
> > accommodating of the work and plans from the Web Payments IG and
> Credentials
> > CG which do overlap with the stated Future Work of the spec.
> > It also means that should a Credentials API be proposed in future (highly
> > likely it is currently spec'ed by the Credentials CG) we end up with two
> > APIs that will eventually begin to overlap.
> > Is that a problem?
>
> This wouldn't be the first time it happened... But yes, it could lead
> to some confusion.
>
> >
> > Supporting linked-data as the mechanism for expressing identity and
> > credentials is the greatest bang-for-buck change that could be made to
> the
> > current spec.
> > Is this beyond achieving?
>
> Not sure. See below.
>
> >
> > As far as I can tell all that the Credentials CG and Web Payments IG are
> > asking for is some time to give this a more thorough analysis before the
> > spec goes to FPWD and some active collaboration from the spec's editors.
> > Is there a good reason to deny this?
>
> I'm not trying to deny it, I don't think anyone is trying to do so.
> But we need to concentrate on showing what the specific issues are and
> how they can be addressed. It would be great if concerned members of
> Credential and Web Payments CGs could raise issues on github instead
> of reiterating the same points in lengthy emails :-)
>
>
> Regards,
> Janusz Majnert
>
Received on Wednesday, 15 April 2015 13:08:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC