W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2018

RE: Proposal: https://example.com/.well-known/modify-credentials

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Wed, 4 Apr 2018 20:46:35 +0100
To: "'Daniel Veditz'" <dveditz@mozilla.com>, "'John Wilander'" <wilander@apple.com>
Cc: "'Brad Hill'" <hillbrad@gmail.com>, "'Jeffrey Yasskin'" <jyasskin@google.com>, <public-webappsec@w3.org>
Message-ID: <547f01d3cc4d$a4317890$ec9469b0$@baycloud.com>
The DNT tracking status resource at /.well-known/dnt/ can be a redirect see https://w3c.github.io/dnt/drafts/tracking-dnt.html#status-resource

 

From: Daniel Veditz <dveditz@mozilla.com> 
Sent: 04 April 2018 20:28
To: John Wilander <wilander@apple.com>
Cc: Brad Hill <hillbrad@gmail.com>; Jeffrey Yasskin <jyasskin@google.com>; public-webappsec@w3.org
Subject: Re: Proposal: https://example.com/.well-known/modify-credentials

 

On Wed, Apr 4, 2018 at 11:25 AM, John Wilander <wilander@apple.com <mailto:wilander@apple.com> > wrote:

1. Are you saying we should have additional well-known locations for these additional services?

2. Or are you saying we should have requirements on the markup of the page you end up on when loading .well-known/modify-credentials?

 

​My first reaction was that it seemed strange (and limiting!) to have a working web page at a .well-known address​, and especially strange for a .well-known address to be a redirect. Are there any others that behave that way?

 

If instead it returned data about where to find the password change URL on the site we could easily add more information, such as the ones Brad suggested or where to find the programmatic log-in (no web page required) suggested in Mike's proposal.

 

-

​Dan Veditz​

 
Received on Wednesday, 4 April 2018 19:47:13 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 4 April 2018 19:47:14 UTC