- From: Mike West <mkwst@google.com>
- Date: Thu, 23 Apr 2015 10:08:38 +0200
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=f5xjKqOFERbc67caepoOXP_cHT6izQD3p_CCN9qF2ayg@mail.gmail.com>
Hi, Anders! On Thu, Apr 23, 2015 at 9:39 AM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > Regardless if the Credential Management API matches the envisioned needs > of the Credentials CG or not, I doubt that this is the right path for the > industry. > It's not clear what concrete changes, if any, you're suggesting. There are several problems with the approach taken and one of the more > obvious is that "Apps" like Skype, Facebook, e-banking, etc. also rely on > credentials which makes the idea building such functionality into the > browser layer somewhat futile; credentials rather belong to the platform. The claim that "Native apps rely on credentials" doesn't seem to have much impact, given that "Web origins rely on credentials" is also true. Given that a browser interacts with a wide variety of the latter, it's not clear to me that layering an API on top of the already-built functionality at the browser layer is anything but helpful. Due to the fact above, the unknown buy-in from other browser vendors and > last but not least the inherent inflexibility of the browser infrastructure > with respect to updates, I'm convinced that credential management would be > more suited as applications based on "The Extended Web": > https://lists.w3.org/Archives/Public/public-webappsec/2015Apr/0220.html "Unknown buy-in from other browser vendors" doesn't seem like something we'd solve by moving the spec to the CG you suggest. Nor do I understand the claim of "inherent inflexibility" of browsers; isn't this spec an existence proof of the opposite? -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 23 April 2015 08:09:27 UTC