- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 30 May 2015 06:13:50 +0200
- To: Anne van Kesteren <annevk@annevk.nl>, Brad Hill <hillbrad@gmail.com>
- CC: Adrian Hope-Bailie <adrian@hopebailie.com>, Manu Sporny <msporny@digitalbazaar.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On 2015-05-30 04:40, Anne van Kesteren wrote:
> On Sat, May 30, 2015 at 8:57 AM, Brad Hill <hillbrad@gmail.com> wrote:
>> The scope of what we are chartered to do in WebAppSec is to work on security
>> and usability affordances for common systems already deployed, not to invent
>> new protocols.
>
> The FederatedCredential object is a new protocol of sorts though. I
> think I somewhat agree with Adrian that this does not go far enough in
> making federated login a part of the platform. It's not flushed out
> enough and fairly experimental whereas we have plenty of experience
> with password-based credentials (at least declarative, and making it
> easier for people to do that <form>-less seems worthwhile).
>

Agreed. Unfortunately some experimentation is probably needed and there are many quite different federation schemes in use which (IMO) makes the Credential Management API concept less useful as a standard. At least at this stage.

Since meaningful experimentation is out of scope for all but a very small set of browser vendors, I have proposed another approach for enabling a wider audience to roll out new schemes for Credential Management, Authentication, Payments, etc. etc.:

https://lists.w3.org/Archives/Public/www-tag/2015Apr/0053.html

Anders

Received on Saturday, 30 May 2015 04:14:22 UTC