W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2015

Re: [credential management] Identity Credentials API Extension

From: Brad Hill <hillbrad@gmail.com>
Date: Mon, 01 Jun 2015 17:11:09 +0000
Message-ID: <CAEeYn8izM=r966Bd1Q6VPQ5F3O+AuiTYWbp19HLPJu=g00FH5A@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>, Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
By all means, continue, if progress is being made.

I just don't want the group to grind to a halt on this, and I want us to be
very careful that we don't create, for the sake of avoiding turf battles
over the term "credential", one API with lots of flexibility that imposes
more complexity cost on (or hides necessary complexity from) callers than
two or three simpler and more focused APIs would, especially without clear
use cases for the abstraction itself.

-Brad

On Mon, Jun 1, 2015 at 7:02 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 06/01/2015 08:35 AM, Mike West wrote:
> > On Mon, Jun 1, 2015 at 5:32 AM, Manu Sporny
> > <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>>
> > wrote:
> >
> > the WebIDL would only need to go through a few changes to support our
> > extension only to find out that our extension isn't the sort of
> > extension that the CM API was designed for.
> >
> > Could you clarify what changes you'd like to see in this document's
> > WebIDL?
> >
> > I read https://docs.google.com/document/d/...
> >
> > as sketching an extension to the API within the confines of the
> > extension points we've built in together, targeting a fleshed-out
> > implementation in a document you'd produce in a to-be-chartered WG.
> > Is that not the case? Which pieces were intended to change the
> > underlying API?
>
> Mike, your read is more or less on point.
>
> If you look at the end of the document, we raise a number of discussion
> points:
>
>
> https://docs.google.com/document/d/1tI0CJ4wAKKPQacrxOmTtl_GQUBeVtbg8e1ZSXs2SWag/edit?pli=1#bookmark=id.e8kdxly5xi0j
>
> We were hoping to have a thorough discussion with you to see if our read
> on the API was correct before suggesting changes to the WebIDL. For
> example, if you look at #5, it suggests that a Promise may need to
> resolve to more than just a Credential or undefined. It may need to
> resolve to a page navigation object. That's a fairly simple change to
> the WebIDL (that has broad ramifications).
>
> We could propose an "ideal set of WebIDL changes" now, but wanted to
> have a discussion with you before we did that so we didn't propose
> something off base.
>
> That said, I'm hearing Brad say "don't bother, the goals are too
> divergent". So, now I'm confused. Do you want us to suggest changes, or
> is this the end of the conversation? There's no point in us doing more
> work on this if there is no chance for it to be integrated.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Web Payments: The Architect, the Sage, and the Moral Voice
> https://manu.sporny.org/2015/payments-collaboration/
>
>
Received on Monday, 1 June 2015 17:11:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC