W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: WebAppSec Credentials Management API FPWD consensus plan

From: Mike West <mkwst@google.com>
Date: Fri, 24 Apr 2015 10:48:44 +0200
Message-ID: <CAKXHy=foghh+Pq97eP69aXa+mk6YEtjUarEnKOK8woJ1YoPj1g@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Apr 23, 2015 at 6:17 PM, Manu Sporny <msporny@digitalbazaar.com>
> The thought right now is to propose a complete API that we believe would
> work for all three affected groups at W3C and see if it could be
> workable.

I'm looking forward to your proposals. Are there any strawman docs floating

For example, you stated that you weren't interested in working
> on cross-origin credentials. That, however, is exactly what we need for
> the work we're doing.

I think we agreed at the top of this thread that the goal for this document
is "don't box ourselves out of a nice API for this in the future". My
trepidations at the security and privacy properties of cross-origin
credentials aside, that seems like what we ought to be aiming for.

So, W3C needs to figure out if they're going to think about/support
> cross-origin credentials

I don't think resolution on that conversation is a requirement for progress
on this spec.

that conversation isn't going to play out in a weeks time.

What's the timeframe you're aiming for?


Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 24 April 2015 08:49:33 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC