Re: Proposal: https://example.com/.well-known/modify-credentials

On Apr 10, 2018, at 1:08 AM, Mike West <mkwst@google.com> wrote:

> If you're interested in doing something small today (and it sounds like Jeff at AgileBits is similarly inclined), then I'd suggest that we do something that's forward-compatible with something more robust tomorrow.

Absolutely. I want something that is dead easy to adopt today by site developers/maintainers. But I want to also treat this as a foot in the door for encouraging a more robust system to follow. The simple thing that we get people to use now should be extensible.

> For example, you could reserve a nested path for the change redirect you initially proposed (something like `/.well-known/credentials/modification-form`), and reserve the parent (`/.well-known/credentials/`) for future use. This leaves room for a more interestingly complicated solution in the future (perhaps a manifest of some sort could live at that URL, which browsers could consume?), while enabling baby steps today.

Yep.

> I think I agree with mnot@, by the way, that it would be totally possible to build in some hidden metadata to each sign-in form which passed information about change forms to a password manager. My intuition is that that would have lower adoption by developers, as it would require actual changes to their application, rather than the injection of a redirect at a higher layer.

I share your intuition.

-j

Received on Thursday, 12 April 2018 16:24:07 UTC