W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: WebAppSec Credentials Management API FPWD consensus plan

From: Wendy Seltzer <wseltzer@w3.org>
Date: Thu, 23 Apr 2015 04:49:15 -0400
Message-ID: <5538B20B.8090104@w3.org>
To: Mike West <mkwst@google.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Sounds good to me, thanks Mike and all!

--Wendy

On 04/23/2015 04:22 AM, Mike West wrote:
> Two days without controversy seems like a good-enough signal to me.
> 
> Brad, Dan, Wendy: Do you think it's reasonable to kick off the transition
> process for
> https://w3c.github.io/webappsec/specs/credentialmanagement/published/2015-04-FPWD.html
> ?
> 
> -mike
> 
> --
> Mike West <mkwst@google.com>, @mikewest
> 
> Google Germany GmbH, Dienerstrasse 12, 80331 München,
> Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
> Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
> 
> On Tue, Apr 21, 2015 at 8:37 AM, Mike West <mkwst@google.com> wrote:
> 
>> Based on the discussion in https://github.com/w3c/webappsec/pull/277 and
>> https://github.com/w3c/webappsec/issues/256, it sounds like we've worked
>> things out in the current draft (
>> https://w3c.github.io/webappsec/specs/credentialmanagement/) in enough
>> detail to proceed with the FPWD. Is that your take on things as well, Manu?
>>
>> If so, I'll spin out a pubrules-compliant document for Wendy to take
>> through the transition process.
>>
>> -mike
>>
>> --
>> Mike West <mkwst@google.com>, @mikewest
>>
>> Google Germany GmbH, Dienerstrasse 12, 80331 München,
>> Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
>> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
>> Flores
>> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>>
>> On Fri, Apr 17, 2015 at 2:51 PM, Manu Sporny <msporny@digitalbazaar.com>
>> wrote:
>>
>>> On 04/17/2015 03:58 AM, Mike West wrote:
>>>> 2. Support fetching credentials from locations that are not the
>>>> browser (IdP websites, for example) and are not login
>>>> super-providers.
>>>>
>>>> I don't think this is in the scope I've signed up for in v1. I do
>>>> believe we need to ensure that we don't box ourselves out of a nice
>>>> API for this in the future, but it doesn't seem to me to be a
>>>> necessary component of the initial iteration.
>>>
>>> To be clear, I meant "support" in a "don't box ourselves out of a nice
>>> API for this in the future" way. I want us to have a clear plan for how
>>> this is going to be polyfilled for LinkedDataCredentials this year and
>>> what the implementation plan for that is going to be in the future. A
>>> potential future Credentials WG would like to extend the API by doing a
>>> minimum amount of modification to the CM API to accomplish fetching
>>> LinkedDataCredentials. We want to make sure that we won't have to do
>>> anything awkward with the API to get there. I think you want the same
>>> thing (don't make developers jump through hoops to support other types
>>> of Credentials).
>>>
>>>> 3. Come to consensus that the data model in the API will work for
>>>> both local credentials and Linked Data credentials served from IdP
>>>> websites without placing an undue burden on the API.
>>>>
>>>> I know you note this at the bottom, but for clarity I'd like to be
>>>> explicit here: I don't believe that WebAppSec is chartered in such a
>>>>  way that this is going to be a formal requirement for the spec. I
>>>> will happily work with the CG and IG to make sure that you have room
>>>>  to extend the API in Linked Data directions (as discussed in #1),
>>>> but I do not intend to add normative language to the spec to that
>>>> effect.
>>>
>>> +1, we're not asking for normative language wrt.
>>> LinkedDataCredentials... just that the design of the API supports this
>>> sort of extension in the future in a clean way.
>>>
>>> Correct me if I'm wrong, but it sounds like we have general agreement on
>>> a concrete path forward. Now all we need to do is hammer out the details.
>>>
>>> -- manu
>>>
>>> --
>>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>>> Founder/CEO - Digital Bazaar, Inc.
>>> blog: The Marathonic Dawn of Web Payments
>>> http://manu.sporny.org/2014/dawn-of-web-payments/
>>>
>>>
>>
> 


-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Thursday, 23 April 2015 08:49:35 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC