w3c/webappsec-credential-management Issues

Last updated Nov 23, 2024, 5:56:43 AM UTC.

This repository doesn't have the Priority: Eventually label that's used to mark an issue as triaged without giving it an SLO. Until that's added, this summary uses heuristics to guess if each issue has been triaged.

59 out-of-SLO untriaged issues

Untriaged

Try to triage issues within 7 days. [ More Info ]

Issue	Title	Within SLO	On maintainers' plates for	Time past SLO
#2	CREDENTIAL: requestAutocomplete can already provide local credentials	❌	9.1 years	9.1 years
#3	CREDENTIAL: Reconsider the top-level browsing context limitation.	❌	9.1 years	9.1 years
#4	CREDENTIAL: Generic matching algorithm	❌	9.1 years	9.1 years
#5	CREDENTIAL: Give clear implementation advice.	❌	9.1 years	9.1 years
#6	CREDENTIAL: Apply hash functions before POSTing passwords?	❌	9.1 years	9.1 years
#7	CREDENTIAL: Use a generic matching algorithm that would work for custom Credentials types	❌	9.1 years	9.1 years
#8	CREDENTIAL: Credential scope should not be limited to login	❌	9.1 years	9.1 years
#16	Remove the `PasswordCredential` constructor taking a `PasswordCredentialData` in favour of the form version	❌	8.5 years	8.5 years
#18	Note that a UA may create a new credential from the selection UI	❌	8.5 years	8.5 years
#19	Consider assigning an `HTMLFormElement` to `.additionalData`	❌	8.5 years	8.5 years
#32	PasswordCredential(HTMLFormElement form) Constructor not very robust	❌	7.9 years	7.9 years
#57	Get APA review before CR	❌	7.8 years	7.8 years
#58	Security Considerations section should contain additional guidance	❌	7.8 years	7.8 years
#66	PSL issue: only PSL match on unmediated==false	❌	7.6 years	7.6 years
#67	PSL issue: Unify collected credentials	❌	7.6 years	7.6 years
#81	Describe the relationship of our terminology to RFC4949	❌	7.6 years	7.6 years
#97	PasswordCredential(HTMLFormElement form) constructor inherently racey	❌	7.3 years	7.3 years
#99	Extensibility via "Credential Handlers"	❌	7.3 years	7.3 years
#101	RFC2119 terms upper-cased tho "document conventions" says otherwise	❌	7.2 years	7.2 years
#106	origins are just "serialized"	❌	7.1 years	7.1 years
#109	Editorial cleanups in section "2.3 navigator.credentials"	❌	7.1 years	7.1 years
#118	Shouldn't be touching settings objects in parallel	❌	6.8 years	6.8 years
#126	input type file as iconURL	❌	6.3 years	6.3 years
#127	Steps in 2.5.1. should not be run in parallel	❌	6.3 years	6.2 years
#129	create-a-cred and request-a-cred ought to return only a cred or error	❌	6.1 years	6.1 years
#132	FormData creation in "Create a PasswordCredential from an HTMLFormElement"	❌	5.8 years	5.8 years
#134	note considerations wrt credential processing in private/incognito context	❌	5.7 years	5.7 years
#135	feature policy for the various credential types: per-credential? all-included?	❌	5.6 years	5.5 years
#137	finish PR #100: update "request a credential" algorithm	❌	5.5 years	5.5 years
#141	Feature Request: Ability to store public/private keys from crypto.subtle.generateKey	❌	5.3 years	5.2 years
#146	Emails field	❌	4.5 years	4.5 years
#148	NULL or DOMException	❌	4.4 years	4.4 years
#150	Question about usage of the federated credentials.	❌	4.1 years	4.1 years
#151	Would it be possible to add an example for navigator.credentials.create usage?	❌	4.1 years	4.1 years
#152	Enable a new CryptoKey Credential to provide a possession factor	❌	4.1 years	4.1 years
#154	section 5.2. Requiring User Mediation, point 1: should be return `true`	❌	3.8 years	3.8 years
#177	Do not reference EventLoop objects from "In parallel" sections	❌	3 years	3 years
#179	change all numbered steps in the bikeshed source to be "1."	❌	3 years	3 years
#184	Add "policy controlled feature tokens" column to "Credential Types Registry"	❌	2.9 years	2.9 years
#192	Make [[Create]] consistently create its Credentials from a task	❌	2.8 years	2.8 years
#194	add concept of credential source backup (sync)	❌	2.7 years	2.7 years
#210	Pass global object to DiscoverFromExternalSource	❌	2 years	2 years
#211	DiscoverFromExternalSource setup needs some fixes	❌	1.9 years	1.8 years
#216	Prevent silent access flag proposed changes	❌	1.6 years	1.6 years
#217	Allow mediation to work for non-collected credentials	❌	1.5 years	1.5 years
#220	Consider web extension API	❌	1.4 years	1.4 years
#228	Common checks	❌	8.7 months	8.4 months
#227	Reaction/recheck to non-fully active documents	❌	8.6 months	8.4 months
#247	Aborting and the AbortSignal does seem to be fully handled	❌	4 months	3.8 months
#248	User mediation is credential type based	❌	4 months	3.8 months
#251	Add test for calling non-fully-active .store() / add automation?	❌	3.9 months	3.6 months
#254	The "ask the user to choose a Credential" should talk about top origin	❌	3.4 months	3.1 months
#257	Throw a InvalidStateError when hitting multiple in-progress credential requests?	❌	3 months	2.8 months
#259	Unclear `relevant credential interface objects` in section 2.3.1	❌	2.9 months	2.7 months
#260	Missing tasks in parallel steps in Credential Management Level 1	❌	2.6 months	2.3 months
#262	Add feature detection for credential type mixing	❌	1.9 months	1.7 months
#263	Allow credential types to specify user activation requirements	❌	1.9 months	1.7 months
#264	Make order of checking abort signal in "create algorithm" match "request algorithm"	❌	1.5 months	1.3 months
#265	Key active credential types by top-level browsing context	❌	1.1 months	3.6 weeks