Re: Technical Review of WebAppSec Credential Management API [2/3] (was Re: Overlap with Credentials/Web Payments CG)

+1 - This is what I attempted to say in my previous email. If the API is
changed slightly to support credentials that can be described via
linked-data it will make a marked difference.

On 14 April 2015 at 09:11, Dave Longley <dlongley@digitalbazaar.com> wrote:

> On 04/14/2015 11:59 AM, David Ezell wrote:
>
>> And again:
>>
>>> I don't expect anyone's first choice for a credentials API to be one
>>> where you must ask for a
>>> "BetterCredential" object that has the real credentials API on it.
>>>
>> +1 again.  It might be that our ideas about APIs are a little too
>> one-dimensional.
>>
>> The book "RESTful Web APIs" (Richardson, Amundsen, and Ruby) talks at
>> some length about:
>> 1) Human Driven Clients
>> 2) Automated Clients
>>
>> And makes some assertions about both of these.  (One very interesting
>> point is the importance of rendering Hypermedia Controls faithfully to
>> allow Accessibility; we need to think about this going forward but it's a
>> digression for now.)  Automated clients "carry out simple preprogrammed
>> rulesets that hopefully help them reach some predefined goal."  They list
>> several kinds of such automated clients (crawler, monitor, script, agent)
>> that can be used to accomplish the goals.
>>
>> The above is only an example.  The point is that object polymorphism is
>> not the only way to solve a complex API problem.  Properly constructed
>> metadata (hypermedia) can give concrete "hints" about how to proceed, and
>> moves ultimate control from inside the API "event horizon" to the outside.
>> Smarter people than me will have to figure out how to make this work -
>> exciting to contemplate.
>>
>
> +1, object oriented programming/polymorphism isn't always the best way to
> solve a problem and we shouldn't think that you can always "just extend the
> base class" to solve any problem with ease. We also do prefer, I believe,
> credential extensibility to occur outside of the API, not within it (i.e.,
> use Linked Data).
>
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>
>

Received on Tuesday, 14 April 2015 16:31:51 UTC