W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

Re: CredentialManagement

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Mon, 5 Oct 2015 09:20:55 -0400
To: public-webappsec@w3.org
Message-ID: <56127937.2090007@digitalbazaar.com>
On 10/05/2015 08:40 AM, Mike West wrote:
> 2. `FederatedCredentials` do not "go beyond SOP". They are, at the
> moment, hints to an RP that a particular IDP should be queried to
> authenticate a user. The credentials CG does indeed have ideas about
> other credential types that would indeed "go beyond SOP", but those are
> not part of this draft.

Just a quick note:

The Credentials CG attempts to ensure that the SOP is enforced through
the browser by making credential transfer a browser-mediated
conversation, allowing interposition of user consent to information
sharing. The group intends to recommend extensions to the Credential
Management API to accomplish this.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
Received on Monday, 5 October 2015 13:21:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC