- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Mon, 5 Oct 2015 09:20:55 -0400
- To: public-webappsec@w3.org
On 10/05/2015 08:40 AM, Mike West wrote: > 2. `FederatedCredentials` do not "go beyond SOP". They are, at the > moment, hints to an RP that a particular IDP should be queried to > authenticate a user. The credentials CG does indeed have ideas about > other credential types that would indeed "go beyond SOP", but those are > not part of this draft. Just a quick note: The Credentials CG attempts to ensure that the SOP is enforced through the browser by making credential transfer a browser-mediated conversation, allowing interposition of user consent to information sharing. The group intends to recommend extensions to the Credential Management API to accomplish this. -- Dave Longley CTO Digital Bazaar, Inc.
Received on Monday, 5 October 2015 13:21:20 UTC