
Re: Proposal: https://example.com/.well-known/modify-credentials

From: Roustem Karimov <roustem@agilebits.com>
Date: Sun, 8 Apr 2018 14:39:01 -0400
Message-Id: <7BE82CC5-BD20-4E41-ADAF-A4D1BD2A12B6@agilebits.com>
To: public-webappsec@w3.org

I like this proposal because it is straightforward, easy to understand, and easy to implement.

I recognize the desire to have more features, but I am afraid that adding more requirements would decrease the adoption considerably. 

We all have our ideas about how the password change should work, but there are just too many different ways the services implement it. The truth is that we can't even fully automate login forms today; the "creativity" there is endless.

We will not be able to have a single spec that describes all possible password change scenarios.

From our perspective, I would rather have a simpler, widely adopted solution that is used as a stepping stone instead of a perfect spec.

Roustem
Founder of AgileBits and 1Password
https://1password.com
1Password remembers all your passwords for you and keeps you safe behind the one password that only you know.
Received on Monday, 9 April 2018 08:32:07 UTC
