- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Wed, 15 Mar 2017 12:10:52 -0700
- To: W3C Web Authn WG <public-webauthn@w3.org>
From: Mike West <mkwst@google.com> Date: Wed, 15 Mar 2017 09:00:58 +0100 https://lists.w3.org/Archives/Public/public-webappsec/2017Mar/0015.html [...] > Credential Management > There's a little bit of movement here, actually, which is nice to see. WebKit folks sent out an intent to implement <https://lists.webkit.org/pipermail/webkit-dev/2017-January/028684.html> a little while ago, and private conversations with other vendors are mildly encouraging. Dominic (CC'd) and I have made a vague proposal to the WebAuthn folks with the goal of aligning their API with the CM API. I sketched that out in <https://docs.google.com/presentation/d/1fqlBb_pyXvPRYYwDy1-PT0gX9mB7biB67mKZN834ya4> and the minutes are up at <https://www.w3.org/2017/03/08-webauthn-minutes.html>. We're fleshing out a more concrete PR against their spec in the hopes of sparking more detailed discussion. As part of that work, we're also thinking about splitting the existing CM API document into a high-level generic API on the one hand, and a Password/Federated extension on the other, with the goal of making the extension points super-clear, and keeping passwords and tokes and etc. on the same level. There's a _lot_ in the existing document that really only relates to the two credential types we've defined, and we might be able to greatly simplify things at the top level by splitting them out. Worth exploring, in any event. Hopefully things will have shaken out a little bit more in a month, and we'll have a little more clarity around next steps. -mike
Received on Wednesday, 15 March 2017 19:11:32 UTC