- From: Mike West <mkwst@google.com>
- Date: Thu, 23 Apr 2015 10:22:36 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=eC77EQGVifYpTP7YV4AF8tEzMkwGDbWkELU-8GEbWA5g@mail.gmail.com>
Two days without controversy seems like a good-enough signal to me. Brad, Dan, Wendy: Do you think it's reasonable to kick off the transition process for https://w3c.github.io/webappsec/specs/credentialmanagement/published/2015-04-FPWD.html ? -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Tue, Apr 21, 2015 at 8:37 AM, Mike West <mkwst@google.com> wrote: > Based on the discussion in https://github.com/w3c/webappsec/pull/277 and > https://github.com/w3c/webappsec/issues/256, it sounds like we've worked > things out in the current draft ( > https://w3c.github.io/webappsec/specs/credentialmanagement/) in enough > detail to proceed with the FPWD. Is that your take on things as well, Manu? > > If so, I'll spin out a pubrules-compliant document for Wendy to take > through the transition process. > > -mike > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) > > On Fri, Apr 17, 2015 at 2:51 PM, Manu Sporny <msporny@digitalbazaar.com> > wrote: > >> On 04/17/2015 03:58 AM, Mike West wrote: >> > 2. Support fetching credentials from locations that are not the >> > browser (IdP websites, for example) and are not login >> > super-providers. >> > >> > I don't think this is in the scope I've signed up for in v1. I do >> > believe we need to ensure that we don't box ourselves out of a nice >> > API for this in the future, but it doesn't seem to me to be a >> > necessary component of the initial iteration. >> >> To be clear, I meant "support" in a "don't box ourselves out of a nice >> API for this in the future" way. I want us to have a clear plan for how >> this is going to be polyfilled for LinkedDataCredentials this year and >> what the implementation plan for that is going to be in the future. A >> potential future Credentials WG would like to extend the API by doing a >> minimum amount of modification to the CM API to accomplish fetching >> LinkedDataCredentials. We want to make sure that we won't have to do >> anything awkward with the API to get there. I think you want the same >> thing (don't make developers jump through hoops to support other types >> of Credentials). >> >> > 3. Come to consensus that the data model in the API will work for >> > both local credentials and Linked Data credentials served from IdP >> > websites without placing an undue burden on the API. >> > >> > I know you note this at the bottom, but for clarity I'd like to be >> > explicit here: I don't believe that WebAppSec is chartered in such a >> > way that this is going to be a formal requirement for the spec. I >> > will happily work with the CG and IG to make sure that you have room >> > to extend the API in Linked Data directions (as discussed in #1), >> > but I do not intend to add normative language to the spec to that >> > effect. >> >> +1, we're not asking for normative language wrt. >> LinkedDataCredentials... just that the design of the API supports this >> sort of extension in the future in a clean way. >> >> Correct me if I'm wrong, but it sounds like we have general agreement on >> a concrete path forward. Now all we need to do is hammer out the details. >> >> -- manu >> >> -- >> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) >> Founder/CEO - Digital Bazaar, Inc. >> blog: The Marathonic Dawn of Web Payments >> http://manu.sporny.org/2014/dawn-of-web-payments/ >> >> >
Received on Thursday, 23 April 2015 08:23:27 UTC