Re: Overlap with Credentials/Web Payments CG (was Re: CfC to publish a FPWD of Credential Management; ending April 17th.) from Adrian Hope-Bailie on 2015-04-15 (public-webappsec@w3.org from April 2015)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Wed, 15 Apr 2015 17:22:30 +0200
To: Janusz Majnert <jmajnert@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CA+eFz_+5o2pt7e-pdDqBTqFhwouOsoYZivU0Oovdd_geKFsU6A@mail.gmail.com>

I am referring to the use cases being collaboratively compiled by a large
group of contributors in the Credentials CG and Web Payments IG.

The use cases defined for the credential management API [1] and referenced
by the spec are defined by their author as follows:

"This is a *really* unofficial draft. It’s not meant to capture any
consensus, beyond my own personal feelings about what sounds interesting.
It is provided for discussion only and may change at any moment, and should
not be taken as "official" or even "unofficial, but planned". Its
publication here does not imply endorsement of its contents by W3C. Don’t
cite this document other than as a collection of interesting ideas."

Not only that, but the document itself has a number of blank sections still
marked "TODO".

The assertion from all members of the WebAppSec group thus far is that
there is no overlap in use cases between the two bodies of work and yet
this is impossible to verify because the uses cases for the Credential
Management API are incomplete as are those being worked on by the
Credentials CG and Web Payments IG.

Consensus around the uses cases for the Credential Management API as a
first step would make consensus around the spec itself a lot easier.

[1] https://w3c.github.io/webappsec/usecases/credentialmanagement/

On 15 April 2015 at 17:02, Janusz Majnert <jmajnert@gmail.com> wrote:

> 2015-04-15 15:08 GMT+02:00 Adrian Hope-Bailie <adrian@hopebailie.com>:
> > But we need to concentrate on showing what the specific issues are and
> > how they can be addressed. It would be great if concerned members of
> > Credential and Web Payments CGs could raise issues on github instead
> > of reiterating the same points in lengthy emails :-)
> >
> > +1 again, however the call for consensus closes in 2 days.
> > As far as I know there are a number of people working on providing just
> that
> > feedback but they simply require some more time.
> > As I asked in a previous email; would it help for a member/members of
> these
> > groups to join the WebAppSec WG in order to provide a voice from that
> > corner?
> > I am happy to do so if required but have not had feedback on this yet.
> >
> > My original email on this thread was a proposal that the groups be given
> > time to pull down the latest polyfill code and demos and actually
> attempt to
> > run through some use cases as a basis for logging issues in GitHub.
> > That email has had no response...
>
> If you're talking about use cases defined for Credential Management
> API, then this feedback can be given after FPWD is published. If on
> the other hand you're talking about use cases sought after in the CGs,
> then the overlap is minimal. This API is not attempting to solve CGs'
> use cases.
>
> /Janusz Majnert
>

Received on Wednesday, 15 April 2015 15:22:58 UTC