Re: WebAppSec Credentials Management API FPWD consensus plan

On Thu, Apr 23, 2015 at 5:25 PM, Manu Sporny <>

> To be clear, we're skeptical that the current form of the API lends
itself well to the type of extension we'd like to perform. We can do it,
> but every approach we've tried thus far feels like a hack and we'd
> probably end up defining a new API rather than extending the one
> currently defined (clearly, that's not a good thing and we want to avoid
> that).

That's disappointing to hear. We've made a number of compromises in the API
in order to increase the flexibility for the kinds of extensions David
(CC'd) has asked for in Since
there hasn't been substantive discussion on that bug since Friday, I
thought we were pretty close to being on the same page.

I look forward to seeing the sorts of ideal data structures and APIs from
your groups, but I'm wary of what sounds increasingly like a complete

and now that it's
> clear that the WebAppSec group intends to coordinate with those two
> other groups, I'm happy to support publication of the FPWD.

I agree that we should publish an FPWD to kick off the exclusion period
regardless of the detail discussion about the exact words and shape of the


Mike West <>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Thursday, 23 April 2015 15:46:34 UTC