W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

Re: Coming back to CREDENTIAL.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 10 Aug 2015 12:35:45 +0200
Message-ID: <CADnb78jY-G_kXtEh1RVu4ArOh5Gct+foMaBO0EWTfgbGr=xXyQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, timeless <timeless@gmail.com>
I have also become suspect of the federation bits. Have we discussed
with sites that provide federated identity what kind of requirements
they have? E.g., GitHub seems very eager to experiment here and make
credentials work as well as they possibly can, but when I talked to
one of the GitHub engineers they did not really see how this would fit
in their flow.

Furthermore, https://github.com/w3c/webappsec/issues/445 suggests that
even the password API might not be worth it given

Received on Monday, 10 August 2015 10:36:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:50 UTC