Re: Monday May 18 teleconference topics from Manu Sporny on 2015-05-14 (public-webappsec@w3.org from May 2015)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 13 May 2015 23:50:57 -0400
To: public-webappsec@w3.org
Message-ID: <55541BA1.70709@digitalbazaar.com>

On 05/13/2015 07:51 AM, Mike West wrote:
> On Wed, May 13, 2015 at 10:21 AM, Daniel Veditz <dveditz@mozilla.com
>  <mailto:dveditz@mozilla.com>> wrote:
> 
> Credential Management spec: 
> https://w3c.github.io/webappsec/specs/credentialmanagement/ issues: 
> https://github.com/w3c/webappsec/labels/CREDENTIAL
> 
> CCing Manu and Dave: Will either of you (or another representative 
> from the Credentials CG/Web Payments IG) be able to attend?

Yes, I will be able to attend and I'm pretty sure Dave will be as well.

We've been tracking the latest changes in the spec, and are upbeat about
the direction. If you feel you've got the spec in a state that we can do
a thorough analysis, we can do that next week to see if the new
extension points work for our use cases.

We have some high level questions to explore on the call, such as:

* Does the current charter of WebAppSec allow us to discuss cross-origin
credentials, or is the discussion limited to same-origin credentials?
* Does the W3C want to support cross-origin credentials in the future,
and if we don't know the answer to that, do we need to elevate this
question to the TAG or W3M? We're going to hit the question head-on
if/when the Credentials WG is chartered.

25 minutes is not a great deal of time to have an in-depth discussion,
so I suggest we do the following:

1. Use the telecon to touch base on the progress you've made on the spec
and solidify the sort of proposal that you'd like to see from us.
2. Produce an expected extension for the cross-origin credential use
cases we have for the Credentials CG/WG work.
3. Set aside time to discuss the extension in depth with you, and the
changes we expect would need to be made to make local, federated, and
remotely stored cross-origin credentials work seamlessly with the
credential management API.

Does that plan work for you, Mike? Brad and Dan?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Thursday, 14 May 2015 03:51:22 UTC