- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 21 May 2015 15:18:55 -0400
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
bcc: Web Payments IG, Web Payments CG, Credentials CG Mike, Brad, Dan, and WebAppSec'ers, As promised on Monday, Dave Longley and I have put together an experimental extension spec for the Identity Credentials API, based on the WebAppSec Credential Management API: https://docs.google.com/document/d/1tI0CJ4wAKKPQacrxOmTtl_GQUBeVtbg8e1ZSXs2SWag/edit?pli=1# We followed Section 8.2 "Extension Points" in the CMAPI spec to do so. The document: 1. Starts out by providing an overview of what the Credentials CG and Web Payments CG/IG would most likely need for their use cases. 2. We then elaborate on more-or-less how the extension would work in practice, following the guidance given in section 8.2 on how to write extensions. We provide all algorithms necessary to do a simple cross-origin credential storage, request and transmission. 3. We close by listing the problems that we see with the current specification as well as open questions wrt. browser implementation concerns. At this point, we ask that: 1. The WebAppSec WG Review the extension specification, and 2. Make comments/suggestions either onlist or in the Google Doc, and 3. that Mike West schedules some time to chat with us to answer any questions that he may have after reviewing the document. We're happy to jump on the next WebAppSec call and present this work if that's deemed helpful to the group. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Web Payments: The Architect, the Sage, and the Moral Voice https://manu.sporny.org/2015/payments-collaboration/
Received on Thursday, 21 May 2015 19:19:19 UTC