[credential management] Identity Credentials API Extension

bcc: Web Payments IG, Web Payments CG, Credentials CG

Mike, Brad, Dan, and WebAppSec'ers,

As promised on Monday, Dave Longley and I have put together an
experimental extension spec for the Identity Credentials API, based on
the WebAppSec Credential Management API:


We followed Section 8.2 "Extension Points" in the CMAPI spec to do so.
The document:

1. Starts out by providing an overview of what the Credentials CG and
   Web Payments CG/IG would most likely need for their use cases.
2. We then elaborate on more-or-less how the extension would work in
   practice, following the guidance given in section 8.2 on how to
   write extensions. We provide all algorithms necessary to do a
   simple cross-origin credential storage, request and transmission.
3. We close by listing the problems that we see with the current
   specification as well as open questions wrt. browser implementation

At this point, we ask that:

1. The WebAppSec WG Review the extension specification, and
2. Make comments/suggestions either onlist or in the Google Doc, and
3. that Mike West schedules some time to chat with us to answer any
   questions that he may have after reviewing the document.

We're happy to jump on the next WebAppSec call and present this work if
that's deemed helpful to the group.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Web Payments: The Architect, the Sage, and the Moral Voice

Received on Thursday, 21 May 2015 19:19:19 UTC