Migrating "A Well-Known URL for Changing Passwords" to WebAppSec from WICG from Theresa O'Connor on 2020-05-04 (public-webappsec@w3.org from May 2020)

From: Theresa O'Connor <hober@apple.com>
Date: Mon, 04 May 2020 13:36:15 -0700
To: public-webappsec@w3.org
Cc: Ricky Mondello <rmondello@apple.com>
Message-id: <m25zdbcu9s.fsf@toconnor-imac-18-3.lan>

Hi all,

Currently, if the user of a password manager would like to change their
password on `example.com`, pretty much all password managers can do is
load `example.com` in a browser tab and hope the user can figure out how
to update their password themselves.

Ricky (CCed) and I have been working on a simple spec in WICG to improve
this situation & to help services discover where on a website users may
change their passwords by defining the `/.well-known/change-password`
well-known resource:

    A Well-Known URL for Changing Passwords
    <https://wicg.github.io/change-password-url/>

We think it's ready to migrate to the standards track somewhere, and
WebAppSec seems like a good fit.

    https://github.com/WICG/change-password-url/issues/18

Thoughts? Concerns?


Tess

Received on Monday, 4 May 2020 20:36:28 UTC