Hey folks!
While re-reading through the Credential Management API, I realized that the
extension mechanisms aren't at all clear. As a thought exercise, I'm mostly
finished with splitting the document into a generic API that defines the
high-level architecture (
https://w3c.github.io/webappsec-credential-management/base.html), and a
document that specifies `PasswordCredential` and `FederatedCredental` as an
extension (
https://w3c.github.io/webappsec-credential-management/sitebound.html).
WDYT? Is this a sane division? Does it actually make the integration points
clearer by forcing us to use them, or is it more confusing than not to have
the pieces in distinct documents?
CCing some specific folks who might be interested.
-mike