Re: WebAppSec Credentials Management API FPWD consensus plan

(bcc: Web Payments IG, Credentials CG)

On 04/21/2015 02:37 AM, Mike West wrote:
> Based on the discussion in 
> and, it sounds like
> we've worked things out in the current draft 
> ( in 
> enough detail to proceed with the FPWD. Is that your take on things 
> as well, Manu?

Yes, please proceed with the FPWD. (sorry, I've been in transit or
would've replied sooner).

To be clear, we're skeptical that the current form of the API lends
itself well to the type of extension we'd like to perform. We can do it,
but every approach we've tried thus far feels like a hack and we'd
probably end up defining a new API rather than extending the one
currently defined (clearly, that's not a good thing and we want to avoid

That said, it's on the Credentials CG and Web Payments IG to propose the
sorts of data structures and APIs that we see as ideal and now that it's
clear that the WebAppSec group intends to coordinate with those two
other groups, I'm happy to support publication of the FPWD.

Thanks to Mike, Brad, Dan, and Wendy for moving quickly to address the
concerns that were raised.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: High-Stakes Credentials and Web Login

Received on Thursday, 23 April 2015 15:26:13 UTC