- From: Mike West <mkwst@google.com>
- Date: Fri, 17 Apr 2015 09:58:37 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=fZY6NkGSSeAJ=TdExKgwNmN90o1Ny8K+Sqb3rgV8T84g@mail.gmail.com>
On Fri, Apr 17, 2015 at 6:30 AM, Manu Sporny <msporny@digitalbazaar.com> wrote: > (bcc: Web Payments IG, Credentials CG) > > This is an attempt to propose a plan that will achieve consensus on the > WebAppSec Credentials Management API FPWD publication. It is informed by > the state of discussions[1][2][3] that have been occurring in the github > issue tracker. > > Requests that, if fulfilled, will almost surely result in consensus: > > 1. Continue to work together to refine changes to the API and data > model via github issue 256[3]. > Based on David's feedback, I think we're already pretty close. I rewrote a good chunk of the spec yesterday based on the concerns raised here, and I'm hopeful that we'll be able to hammer something out in the very near future. > 2. Support fetching credentials from locations that are not the > browser (IdP websites, for example) and are not login > super-providers. > I don't think this is in the scope I've signed up for in v1. I do believe we need to ensure that we don't box ourselves out of a nice API for this in the future, but it doesn't seem to me to be a necessary component of the initial iteration. > 3. Come to consensus that the data model in the API will work for > both local credentials and Linked Data credentials served from > IdP websites without placing an undue burden on the API. > I know you note this at the bottom, but for clarity I'd like to be explicit here: I don't believe that WebAppSec is chartered in such a way that this is going to be a formal requirement for the spec. I will happily work with the CG and IG to make sure that you have room to extend the API in Linked Data directions (as discussed in #1), but I do not intend to add normative language to the spec to that effect. Requests that would most likely be a good idea as the spec progresses: > > 1. The Web Payments IG and Credentials CG should be ping'd from time to > time to do spec reviews. > This certainly seems reasonable. > 2. An organization in the Credentials CG will do an experimental > polyfill implementation of the Credentials Management API to ensure > that it is workable from our standpoint. > Sounds great! > 3. Briefly mention the Credentials CG work in the spec since you > mention Persona and WebID. I'd be happy to submit a PR for this. > I'm happy to review such a PR. :) Thanks! -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 17 April 2015 07:59:27 UTC