- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 10 Aug 2015 12:35:45 +0200
- To: Mike West <mkwst@google.com>
- Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, timeless <timeless@gmail.com>
I have also become suspect of the federation bits. Have we discussed with sites that provide federated identity what kind of requirements they have? E.g., GitHub seems very eager to experiment here and make credentials work as well as they possibly can, but when I talked to one of the GitHub engineers they did not really see how this would fit in their flow. Furthermore, https://github.com/w3c/webappsec/issues/445 suggests that even the password API might not be worth it given requestAutocomplete(). -- https://annevankesteren.nl/
Received on Monday, 10 August 2015 10:36:09 UTC