WebAppSec Credentials Management API FPWD consensus plan from Manu Sporny on 2015-04-17 (public-webappsec@w3.org from April 2015)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 17 Apr 2015 00:30:32 -0400
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <55308C68.5060602@digitalbazaar.com>

(bcc: Web Payments IG, Credentials CG)

This is an attempt to propose a plan that will achieve consensus on the
WebAppSec Credentials Management API FPWD publication. It is informed by
the state of discussions[1][2][3] that have been occurring in the github
issue tracker.

Requests that, if fulfilled, will almost surely result in consensus:

1. Continue to work together to refine changes to the API and data
   model via github issue 256[3].
2. Support fetching credentials from locations that are not the
   browser (IdP websites, for example) and are not login
   super-providers.
3. Come to consensus that the data model in the API will work for
   both local credentials and Linked Data credentials served from
   IdP websites without placing an undue burden on the API.

Requests that would most likely be a good idea as the spec progresses:

1. The Web Payments IG and Credentials CG should be ping'd from time to
   time to do spec reviews.
2. An organization in the Credentials CG will do an experimental
   polyfill implementation of the Credentials Management API to ensure
   that it is workable from our standpoint.
3. Briefly mention the Credentials CG work in the spec since you
   mention Persona and WebID. I'd be happy to submit a PR for this.

It is also important to understand what isn't being requested:

1. We don't want to formally add the burden of the Credentials CG or
   Web Payments IG use cases, requirements or IP commitments to the
   WebAppSec group.
2. We don't want to delay the publication of the document by a
   significant amount of time.
3. We don't want to complicate the API to the point that it doesn't
   serve the primary "Login Manager" use case well.

I hope this is helpful in highlighting some concrete goals that we can
all try to achieve together. The editor, chairs, and staff contacts from
the WebAppSec, Web Payments, and Credentials groups will be meeting
tomorrow morning to discuss this plan as well as other concerns.

-- manu

[1] https://github.com/w3c/webappsec/issues/254
[2] https://github.com/w3c/webappsec/issues/255
[3] https://github.com/w3c/webappsec/issues/256

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Friday, 17 April 2015 04:31:10 UTC