Intent to Implement: Credential Management API

Mike West

Aug 5, 2014, 6:03:02 AM
to blink-dev
# Contact emails
mk...@chromium.org

# Spec
http://projects.mikewest.org/credentialmanagement/spec/

(This is a personal draft, and hasn't yet been accepted by any official working group. I've proposed the spec to the WebApps WG at http://lists.w3.org/Archives/Public/public-webapps/2014JulSep/0141.html, but it's not clear whether that's the right group from a charter/process perspective. The Chair is going to get back with me.)

# Summary

The proposal describes an imperative API enabling a website to request a user’s credentials in order to sign them in, and to help the user agent correctly store user credentials for future use. In short, it enables cooperation between a website and Blink's embedder's password manager.

# Motivation

Use cases described briefly at http://projects.mikewest.org/credentialmanagement/spec/#use-cases and at more length in http://projects.mikewest.org/credentialmanagement/usecases/.

# Compatibility Risk

We're still in the experimental/specification phase of discussion. I've had some promising backchannel discussions with folks at Mozilla and Opera, and I expect the API to morph as other vendors take a closer look at how it would interact with their password managers, and as we decide together which use cases the API really needs to address.

I intend to put together an initial implementation of what's currently in the spec to inform the spec discussions, but this isn't something we'd want to ship to the web without agreement from other vendors.

# Ongoing technical constraints

My expectation is that the Blink-side of this code will be a fairly thin module, plus a few new platform methods for the embedder to implement. It should not require any specific architecture, only that the embedder implements a credential manager of some sort.

# Will this feature be supported on all five Blink platforms (Windows, Mac, Linux, Chrome OS and Android)?

Yes.

# OWP launch tracking bug?

https://crbug.com/400674 (this isn't an OWP launch tracking bug, just a feature bug. I don't believe we're far enough along with the spec work for a launch bug)

# Link to entry on the feature dashboard

http://www.chromestatus.com/features/5026422640869376

# Requesting approval to ship?

No. No, no, no. No. :)

Apart from the ongoing discussion with other vendors in order to land on an implementation we agree upon, this feature will require a good deal of experimentation with UI, and interaction with the existing password manager's behavior. I don't expect to ship it any time soon.

-mike

Jochen Eisinger

Aug 5, 2014, 1:27:42 PM
to Mike West, blink-dev
We discussed this at the API owner meeting today. Assuming that this feature will be contained in a module with minimal or no impact on core, LGTM to implement.

best
-jochen