W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 30 May 2015 11:40:44 +0900
Message-ID: <CADnb78hWdFhh5xXdGgTv5Y_aHhnVOuOGD9DYW5Wj+auGhVR2Ww@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, Manu Sporny <msporny@digitalbazaar.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Sat, May 30, 2015 at 8:57 AM, Brad Hill <hillbrad@gmail.com> wrote:
> The scope of what we are chartered to do in WebAppSec is to work on security
> and usability affordances for common systems already deployed, not to invent
> new protocols.

The FederatedCredential object is a new protocol of sorts though. I
think I somewhat agree with Adrian that this does not go far enough in
making federated login a part of the platform. It's not flushed out
enough and fairly experimental whereas we have plenty of experience
with password-based credentials (at least declarative, and making it
easier for people to do that <form>-less seems worthwhile).

Received on Saturday, 30 May 2015 02:41:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:49 UTC