- From: Mike West <mkwst@google.com>
- Date: Fri, 24 Apr 2015 10:48:44 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=foghh+Pq97eP69aXa+mk6YEtjUarEnKOK8woJ1YoPj1g@mail.gmail.com>
On Thu, Apr 23, 2015 at 6:17 PM, Manu Sporny <msporny@digitalbazaar.com> wrote: > > The thought right now is to propose a complete API that we believe would > work for all three affected groups at W3C and see if it could be > workable. I'm looking forward to your proposals. Are there any strawman docs floating around? For example, you stated that you weren't interested in working > on cross-origin credentials. That, however, is exactly what we need for > the work we're doing. I think we agreed at the top of this thread that the goal for this document is "don't box ourselves out of a nice API for this in the future". My trepidations at the security and privacy properties of cross-origin credentials aside, that seems like what we ought to be aiming for. So, W3C needs to figure out if they're going to think about/support > cross-origin credentials I don't think resolution on that conversation is a requirement for progress on this spec. that conversation isn't going to play out in a weeks time. > What's the timeframe you're aiming for? -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 24 April 2015 08:49:33 UTC