W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

Re: CredentialManagement

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Mon, 5 Oct 2015 09:20:55 -0400
To: public-webappsec@w3.org
Message-ID: <56127937.2090007@digitalbazaar.com>
On 10/05/2015 08:40 AM, Mike West wrote:
> 2. `FederatedCredentials` do not "go beyond SOP". They are, at the
> moment, hints to an RP that a particular IDP should be queried to
> authenticate a user. The credentials CG does indeed have ideas about
> other credential types that would indeed "go beyond SOP", but those are
> not part of this draft.

Just a quick note:

The Credentials CG attempts to ensure that the SOP is enforced through
the browser by making credential transfer a browser-mediated
conversation, allowing interposition of user consent to information
sharing. The group intends to recommend extensions to the Credential
Management API to accomplish this.

Dave Longley
Digital Bazaar, Inc.
Received on Monday, 5 October 2015 13:21:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC