On Oct 16, 2014, at 6:47 AM, Shane Tomlinson <[email protected]> wrote:
> For example, If I introduce my wife to the (theoretical) Firefox password > manager that makes it easy for her to sign up to a site with a super strong > password but fails to provide her with a mechanism to sign into that site's > standalone app, she's not going to be very happy with either Firefox or me Apple did something interesting to connect passwords set from within Safari to native apps: http://devstreaming.apple.com/videos/wwdc/2014/506xxeo80e5kykp/506/506_hd_ensuring_continuity_between_your_app_and_web_site.mov?dl=1 http://devstreaming.apple.com/videos/wwdc/2014/506xxeo80e5kykp/506/506_ensuring_continuity_between_your_app_and_web_site.pdf?dl=1 In short: you can provide a list of ‘Associated Domains’ in your native app’s (signed) meta data. When you login to the web application hosted on those domains, Safari asks if you want to remember the password in the Keychain. Then when you run the native app for that site, it knows because of the association that you have remembered your password and you can login to the native app simply by *choosing* an account. No password needed. I think it also works the other way around, when you first login to the native app, you can store the credentials in the keychain together with some domain tags and then Safari will pick those up too. I know .. walled garden .. but they do solve a real concrete problem. That presentation also has some interesting bits about (password) form auto fill … specifically about Change Password dialogs. They talk about supporting some new (W3C defined) autocomplete attribute values to make the intent of forms that deal with passwords more clear: <input type="text" autocomplete="username"> <input type="password" autocomplete="current-password"> <input type="password" autocomplete="new-password"> which is something many sites (and password managers!) get wrong. S.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
