On Wed, Oct 7, 2015 at 9:30 AM, Steve Faulkner
wrote:
> hi mike, i think you will find your example is in the W3C HTML 5.1:
>
> http://www.w3.org/TR/html51/webappapis.html#creation-url
>
> not saying there aren't other examples that would be concrete.
>
I am pleasantly
On Wed, Oct 7, 2015 at 12:44 AM, Wendy Seltzer wrote:
> A reminder that has come up in some recent transition calls: When moving
> a spec to Candidate Recommendation, we look to see that the normative
> references are to documents of equivalent stability[1] -- ideally, also
>
nced terms are available for review at
https://w3c.github.io/webappsec/specs/powerfulfeatures/#index-defined-elsewhere
.
The deadline for this CfC is one week from today, October 1st. As always,
explicit (positive!) feedback to public-webapp...@w3.org is appreciated!
--
Mike West <mk...@google.co
rs/
[4]: https://w3c.github.io/workers/
--
Mike West <mk...@google.com>, @mikewest
Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
ithub.com/w3c/webappsec/issues/406> is probably the most
interesting of these.
I'd appreciate feedback on the document, either on public-webapp...@w3.org,
or via GitHub at
https://github.com/w3c/webappsec/issues/new?title=SECURE:%20
--
Mike West <mk...@google.com>, @mikewest
Google Germany
to check with a single consistent style seems like the right
way to go.
--
Mike West mk...@google.com, @mikewest
Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine
I'd be fine with this, if it's what folks end up preferring.
That said, throwing/rejecting gives us the opportunity to explain to a
developer _why_ her favorite API isn't available. It's not clear how we'd
help them understand what's going on if we just remove the API entirely.
Consider
.
Brad's .well-known suggestion is interesting. I'm worried about the latency
impacts, but it's probably worth exploring what it would take to add this
kind of thing to the Manifest spec (or some same-origin-limited version
thereof).
-mike
--
Mike West mk...@google.com, @mikewest
Google Germany
of the
other flags would be useful, though.
Ian, WDYT?
-mike
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
) you want WebApps to review, please
let us know.
http://www.w3.org/TR/2014/WD-mixed-content-20141113/#powerful-features is
certainly very relevant to various specs WebApps is considering. Review and
comments there would be helpful.
--
Mike West mk...@google.com
Google+: https://mkw.st
/public-webapps/2014JulSep/0141.html
[2]:
http://lists.w3.org/Archives/Public/public-web-security/2014Oct/0009.html
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und
a new a new CG (although I suppose there
could be some confusion with Manu's Credentials CG
http://www.w3.org/community/credentials/).
I guess that's an option.
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH
be the right place for short-term
incubation).
Brad suggested that an authentication WG might be spun up out of the
conversations in the recent WebCrypto workshop. Are there concrete plans
for such a group?
Thanks!
-mike
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter
forms of
credentials. It currently defines local and federated credentials
broadly, and vaguely. In spirit, at least, it's following Mozilla's
position paper's call for a box implementations can go in, and is
extensible by design.
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter
complex than IDP's general pick an IDP,
then grant access flows.
I'd like to support both, for what it's worth.
-mike
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und
that it actually gets
used.
I agree that this is paramount.
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft
to `authenticate` by
defining suitable attributes in an IDP manifest, as sketched out at
http://projects.mikewest.org/credentialmanagement/spec/#identity-provider-manifest
.
-mike
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH
submission.
I'm pretty happy to break that use case, given that the credential API I've
proposed is locked to secure origins. There's no advantage to using
WebCrypto to doubly encrypt the password in this context, and I don't think
it's something we should encourage.
Thanks!
--
Mike West mk
requiring the site to
hold passwords in plaintext.
Is that the kind of use case you're considering?
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB
Thanks Jacob!
On Fri, Aug 1, 2014 at 6:48 PM, Jacob S Hoffman-Andrews j...@eff.org wrote:
I think the CSP directive is unnecessary and makes things more fragile. The
'protect this credential from XSS' attribute should be a property of a
stored credential, not a web site. If the site has the
the
proposal.
Thanks in advance for your feedback, suggestions, and time. :)
-mike
--
Mike West mk...@google.com
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz
that on the
assumption that this interface required less knowledge of CSP in order to
usefully include on a page. Should we revisit that question?
Thanks again!
--
Mike West mk...@google.com, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter
22 matches
Mail list logo