Re: Proposal:

On Apr 10, 2018, at 1:08 AM, Mike West <> wrote:

> If you're interested in doing something small today (and it sounds like Jeff at AgileBits is similarly inclined), then I'd suggest that we do something that's forward-compatible with something more robust tomorrow.

Absolutely. I want something that is dead easy to adopt today by site developers/maintainers. But I want to also treat this is a foot in the door for encouraging a more robust system to follow. The simple thing that we get people to use now should be extensible.

> For example, you could reserve a nested path for the change redirect you initially proposed (something like `/.well-known/credentials/modification-form`), and reserve the parent (`/.well-known/credentials/`) for future use. This leaves room for a more interestingly complicated solution in the future (perhaps a manifest of some sort could live at that URL, which browsers could consume?), while enabling baby steps today.


> I think I agree with mnot@, by the way, that it would be totally possible to build in some hidden metadata to each sign-in form which passed information about change forms to a password manager. My intuition is that that would have lower adoption by developers, as it would require actual changes to their application, rather than the injection of a redirect at a higher layer.

I share your intuition.


Received on Thursday, 12 April 2018 16:24:07 UTC