W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2017

Splitting "Credential Management"?

From: Mike West <mkwst@google.com>
Date: Thu, 16 Mar 2017 14:26:40 +0100
Message-ID: <CAKXHy=cuvgW8jEcHi2pHABOG_jGnFbidEkbTnXNEo+stsJSVpw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Dominic Battre <battre@google.com>, Václav Brožek <vabr@google.com>, Angelo Liao <huliao@microsoft.com>, pdolanjski@mozilla.com, Daniel Bates <dbates@webkit.org>
Hey folks!

While re-reading through the Credential Management API, I realized that the
extension mechanisms aren't at all clear. As a thought exercise, I'm mostly
finished with splitting the document into a generic API that defines the
high-level architecture (
https://w3c.github.io/webappsec-credential-management/base.html), and a
document that specifies `PasswordCredential` and `FederatedCredental` as an
extension (
https://w3c.github.io/webappsec-credential-management/sitebound.html).

WDYT? Is this a sane division? Does it actually make the integration points
clearer by forcing us to use them, or is it more confusing than not to have
the pieces in distinct documents?

CCing some specific folks who might be interested.

-mike
Received on Thursday, 16 March 2017 13:27:33 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:22 UTC