mike west on Credential Management & WebAuthn status

From: Mike West <mkwst@google.com>
Date: Wed, 15 Mar 2017 09:00:58 +0100


 > Credential Management

There's a little bit of movement here, actually, which is nice to see.
WebKit folks sent out an intent to implement 
a little while ago, and private conversations with other vendors are 
mildly encouraging.

Dominic (CC'd) and I have made a vague proposal to the WebAuthn folks 
with the goal of aligning their API with the CM API. I sketched that out 
and the minutes are up at 
<https://www.w3.org/2017/03/08-webauthn-minutes.html>. We're fleshing 
out a more concrete PR against their spec in the hopes of sparking more 
detailed discussion.

As part of that work, we're also thinking about splitting the existing 
CM API document into a high-level generic API on the one hand, and a 
Password/Federated extension on the other, with the goal of making the 
extension points super-clear, and keeping passwords and tokes and etc. 
on the same level. There's a _lot_ in the existing document that really 
only relates to the two credential types we've defined, and we might be 
able to greatly simplify things at the top level by splitting them out. 
Worth exploring, in any event.

Hopefully things will have shaken out a little bit more in a month, and 
we'll have a little more clarity around next steps.


Received on Wednesday, 15 March 2017 19:11:32 UTC