W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2018

Re: Proposal: https://example.com/.well-known/modify-credentials

From: Jeff Goldberg <jeff@agilebits.com>
Date: Fri, 6 Apr 2018 14:01:56 -1000
Message-Id: <C0EB5879-259A-4C58-8EC9-A64B03E2DA06@agilebits.com>
To: public-webappsec@w3.org
Mike West <mkwst@google.com> wrote:

> I share Brad's opinion that it would be possible to do a bit more if we have server-side cooperation, and that there's real value in creating more opportunities for that kind of cooperation. I'd sketched out an automated password-changing mechanism a while back ( 
> https://mikewest.github.io/change-password/), which might be a reasonable place to start the conversation for something more robust if that's something in which folks end up being interested.

I completely agree that we can do more and I really want to see that. I was, indeed, thinking of your proposal when I spoke of previous attempts that were never acted on.

So I would love to see (something very much like) what you propose be available as an option. But I like offering sites the ability to add the well-known file without having to change anything else they do. I believe that that is the only way we would ever get a hint of a smidgen of initial adoption.

I think we can do both, but we also want something that is useful and dead easy for services to adopt.



Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits

Received on Monday, 9 April 2018 08:32:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:03 UTC