W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2018

Re: Proposal: https://example.com/.well-known/modify-credentials

From: Daniel Veditz <dveditz@mozilla.com>
Date: Wed, 4 Apr 2018 12:28:24 -0700
Message-ID: <CADYDTCBNMb1V+ee7pb9QsvEUquVgbFgkQZ4okyidtZLqWSdnCg@mail.gmail.com>
To: John Wilander <wilander@apple.com>
Cc: Brad Hill <hillbrad@gmail.com>, Jeffrey Yasskin <jyasskin@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Apr 4, 2018 at 11:25 AM, John Wilander <wilander@apple.com> wrote:

> 1. Are you saying we should have additional well-known locations for these
> additional services?
> 2. Or are you saying we should have requirements on the markup of the page
> you end up on when loading .well-known/modify-credentials?

​My first reaction was that it seemed strange (and limiting!) to have a
working web page at a .well-known address​, and especially strange for a
.well-known address to be a redirect. Are there any others that behave that

If instead it returned data about where to find the password change URL on
the site we could easily add more information, such as the ones Brad
suggested or where to find the programmatic log-in (no web page required)
suggested in Mike's proposal.

​Dan Veditz​
Received on Wednesday, 4 April 2018 19:29:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:03 UTC