(I'd originally sent this just to the folks on to: and cc:. Art reminded me that public is better, so I'm resending to public-webapps@, and BCCing public-webappsec@ for visibility).
Hello, chairs of the WebApps, WebAppSec, and WebCrypto WGs! On Friday, I had an encouraging discussion with Jonas Sicking (CC'd) about the Credential Management API proposed a month or so ago on WebApps ( http://mikewest.github.io/credentialmanagement/spec/). Chrome has started experimenting with an implementation, and though we're nowhere near even considering shipping it, I'd like to make sure that our implementation doesn't get too far out ahead of the spec process. I think it's fair to say that Mozilla is interested in continuing the discussion around the short-term and long-term goals of such an API in an appropriate venue. I'd like your collective opinion about what that venue might be. WebApps seems like the right place just in terms of having the right people involved. It would require a recharter, however, and it's not clear to me that that would be a worthwhile use of folks' time. Both WebCrypto and WebAppSec are in the process of rechartering, which resolves that potential issue, but neither really seems to be appropriate, as they're concerned with aspects other than credentials and authentication. There's a credentials community group that has nothing to do with the proposal, and given the weak IPR protections of a CG, I'd prefer to avoid them in the long run (though they might be the right place for short-term incubation). Brad suggested that an authentication WG might be spun up out of the conversations in the recent WebCrypto workshop. Are there concrete plans for such a group? Thanks! -mike -- Mike West <mk...@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)