Mike West on Credential Management & WebAuthn status

From: Mike West <mkwst@google.com>
Date: Wed, 15 Mar 2017 09:00:58 +0100
https://lists.w3.org/Archives/Public/public-webappsec/2017Mar/0015.html

[...]

 > Credential Management
 >

There's a little bit of movement here, actually, which is nice to see.
WebKit folks sent out an intent to implement 
<https://lists.webkit.org/pipermail/webkit-dev/2017-January/028684.html> 
a little while ago, and private conversations with other vendors are 
mildly encouraging.

Dominic (CC'd) and I have made a vague proposal to the WebAuthn folks 
with the goal of aligning their API with the CM API. I sketched that out 
in 
<https://docs.google.com/presentation/d/1fqlBb_pyXvPRYYwDy1-PT0gX9mB7biB67mKZN834ya4> 
and the minutes are up at 
<https://www.w3.org/2017/03/08-webauthn-minutes.html>. We're fleshing 
out a more concrete PR against their spec in the hopes of sparking more 
detailed discussion.

As part of that work, we're also thinking about splitting the existing 
CM API document into a high-level generic API on the one hand, and a 
Password/Federated extension on the other, with the goal of making the 
extension points super-clear, and keeping passwords and tokens and etc. 
on the same level. There's a _lot_ in the existing document that really 
only relates to the two credential types we've defined, and we might be 
able to greatly simplify things at the top level by splitting them out. 
Worth exploring, in any event.

Hopefully things will have shaken out a little bit more in a month, and 
we'll have a little more clarity around next steps.

-mike

Received on Wednesday, 15 March 2017 19:11:32 UTC