Re: Splitting "Credential Management"?

some thoughts wrt the original experiment of splitting credman up (i.e. this thread up thru 17-Mar-2017):

>> On Thu, Mar 16, 2017 at 6:26 AM, Mike West <mkwst@google.com> wrote: 
>> Hey folks!
>> 
>> While re-reading through the Credential Management API, I realized
>> that the extension mechanisms aren't at all clear. As a thought
>> exercise, I'm mostly finished with splitting the document into a
>> generic API that defines the high-level architecture
>> <https://w3c.github.io/webappsec-credential-management/base.html>,
>> and a document that specifies `PasswordCredential` and
>> `FederatedCredential` as an extension
>> <https://w3c.github.io/webappsec-credential-management/sitebound.html>.
>>
>> WDYT? Is this a sane division? Does it actually make the integration
>> points clearer by forcing us to use them, or is it more confusing
>> than not to have the pieces in distinct documents?


On 3/17/17, 7:40 PM, "Jeffrey Yasskin" <jyasskin@google.com> wrote:
>
> 3 thoughts here:
> 
> 1) I strongly approve of you using the extension points to define the
> initial credential types. Without doing this, it'd be hard for an
> extender to use the extension points as you intended, even if you
> managed to get them right. 

agreed.


> I think it's less important to put the
> initial extensions in a separate document, although doing so does
> force you to figure out how future extensions will be registered.

Although, if WebAuthn adds credman as a dependency <https://github.com/w3c/webauthn/pull/384>, then from a timeline perspective it may be more expeditious to have credman divided into "base" and "password+Fed" (nee 'sitebound'), as he proposed in his original msg above. Thus we (WebAppSec+WebAuthn) can concentrate on progressing credman base and webauthn, and hopefully any issues particular to the "password+Fed" spec will not slow down the former specs.

HTH,

=JeffH

Received on Wednesday, 5 April 2017 15:59:17 UTC