- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Thu, 23 Apr 2015 04:49:15 -0400
- To: Mike West <mkwst@google.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Sounds good to me, thanks Mike and all! --Wendy On 04/23/2015 04:22 AM, Mike West wrote: > Two days without controversy seems like a good-enough signal to me. > > Brad, Dan, Wendy: Do you think it's reasonable to kick off the transition > process for > https://w3c.github.io/webappsec/specs/credentialmanagement/published/2015-04-FPWD.html > ? > > -mike > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) > > On Tue, Apr 21, 2015 at 8:37 AM, Mike West <mkwst@google.com> wrote: > >> Based on the discussion in https://github.com/w3c/webappsec/pull/277 and >> https://github.com/w3c/webappsec/issues/256, it sounds like we've worked >> things out in the current draft ( >> https://w3c.github.io/webappsec/specs/credentialmanagement/) in enough >> detail to proceed with the FPWD. Is that your take on things as well, Manu? >> >> If so, I'll spin out a pubrules-compliant document for Wendy to take >> through the transition process. >> >> -mike >> >> -- >> Mike West <mkwst@google.com>, @mikewest >> >> Google Germany GmbH, Dienerstrasse 12, 80331 München, >> Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der >> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth >> Flores >> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >> >> On Fri, Apr 17, 2015 at 2:51 PM, Manu Sporny <msporny@digitalbazaar.com> >> wrote: >> >>> On 04/17/2015 03:58 AM, Mike West wrote: >>>> 2. Support fetching credentials from locations that are not the >>>> browser (IdP websites, for example) and are not login >>>> super-providers. >>>> >>>> I don't think this is in the scope I've signed up for in v1. I do >>>> believe we need to ensure that we don't box ourselves out of a nice >>>> API for this in the future, but it doesn't seem to me to be a >>>> necessary component of the initial iteration. >>> >>> To be clear, I meant "support" in a "don't box ourselves out of a nice >>> API for this in the future" way. I want us to have a clear plan for how >>> this is going to be polyfilled for LinkedDataCredentials this year and >>> what the implementation plan for that is going to be in the future. A >>> potential future Credentials WG would like to extend the API by doing a >>> minimum amount of modification to the CM API to accomplish fetching >>> LinkedDataCredentials. We want to make sure that we won't have to do >>> anything awkward with the API to get there. I think you want the same >>> thing (don't make developers jump through hoops to support other types >>> of Credentials). >>> >>>> 3. Come to consensus that the data model in the API will work for >>>> both local credentials and Linked Data credentials served from IdP >>>> websites without placing an undue burden on the API. >>>> >>>> I know you note this at the bottom, but for clarity I'd like to be >>>> explicit here: I don't believe that WebAppSec is chartered in such a >>>> way that this is going to be a formal requirement for the spec. I >>>> will happily work with the CG and IG to make sure that you have room >>>> to extend the API in Linked Data directions (as discussed in #1), >>>> but I do not intend to add normative language to the spec to that >>>> effect. >>> >>> +1, we're not asking for normative language wrt. >>> LinkedDataCredentials... just that the design of the API supports this >>> sort of extension in the future in a clean way. >>> >>> Correct me if I'm wrong, but it sounds like we have general agreement on >>> a concrete path forward. Now all we need to do is hammer out the details. >>> >>> -- manu >>> >>> -- >>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) >>> Founder/CEO - Digital Bazaar, Inc. >>> blog: The Marathonic Dawn of Web Payments >>> http://manu.sporny.org/2014/dawn-of-web-payments/ >>> >>> >> > -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Thursday, 23 April 2015 08:49:35 UTC