Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension)

On Sat, May 30, 2015 at 8:57 AM, Brad Hill <> wrote:
> The scope of what we are chartered to do in WebAppSec is to work on security
> and usability affordances for common systems already deployed, not to invent
> new protocols.

The FederatedCredential object is a new protocol of sorts though. I
think I somewhat agree with Adrian that this does not go far enough in
making federated login a part of the platform. It's not flushed out
enough and fairly experimental whereas we have plenty of experience
with password-based credentials (at least declarative, and making it
easier for people to do that <form>-less seems worthwhile).


Received on Saturday, 30 May 2015 02:41:09 UTC