Re: Coming back to CREDENTIAL.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 10 Aug 2015 14:13:02 +0200
Message-ID: <CADnb78gf9XnSdyjp3u0tSzmbqTiB7y0rYFCM8g6o3ujomTui8Q@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, timeless <timeless@gmail.com>

On Mon, Aug 10, 2015 at 1:48 PM, Mike West <mkwst@google.com> wrote:
> I love GitHubbians, but it's not clear to me why the federation is the
> entity we should be talking to to gather requirements. Instead, we'd want to
> talk to sites that rely on federations, as those are the folks targeted by
> the API.

GitHub is on both sides here I think. They also have some places, as
does Google I'm sure, where the only account you can use is GitHub.
However, without going through the server they can't really
communicate about their respective states.

> I don't have any concrete feedback to share, but I can share the general
> comment that folks who support more than one federation see a real problem
> with users forgetting which service they've used, creating multiple
> accounts, and then generating support requests to merge them after the fact.
> Addressing that problem seems valuable.

But the only tangible bit you're offering them is storing this bit of
information together with credentials, rather than elsewhere, so it
won't be cleared. Is users clearing their data but not credentials a
really common problem? It seems somewhat unlikely.

Received on Monday, 10 August 2015 12:13:26 UTC