w3c/webappsec-credential-management Issues

Last updated May 18, 2024, 5:57:04 AM UTC.

This repository doesn't have the Priority: Eventually label that's used to mark an issue as triaged without giving it an SLO. Until that's added, this summary uses heuristics to guess if each issue has been triaged.

Untriaged

Try to triage issues within . [ More Info ]

Issue Title Within SLO On maintainers' plates for Time left Time past SLO
#2 CREDENTIAL: requestAutocomplete can already provide local credentials
#3 CREDENTIAL: Reconsider the top-level browsing context limitation.
#4 CREDENTIAL: Generic matching algorithm
#5 CREDENTIAL: Give clear implementation advice.
#6 CREDENTIAL: Apply hash functions before POSTing passwords?
#7 CREDENTIAL: Use a generic matching algorithm that would work for custom Credentials types
#8 CREDENTIAL: Credential scope should not be limited to login
#16 Remove the `PasswordCredential` constructor taking a `PasswordCredentialData` in favour of the form version
#18 Note that a UA may create a new credential from the selection UI
#19 Consider assigning an `HTMLFormElement` to `.additionalData`
#32 PasswordCredential(HTMLFormElement form) Constructor not very robust
#57 Get APA review before CR
#58 Security Considerations section should contain additional guidance
#66 PSL issue: only PSL match on unmediated==false
#67 PSL issue: Unify collected credentials
#81 Describe the relationship of our terminology to RFC4949
#97 PasswordCredential(HTMLFormElement form) constructor inherently racey
#99 Extensibility via "Credential Handlers"
#101 RFC2119 terms upper-cased tho "document conventions" says otherwise
#106 origins are just "serialized"
#109 Editorial cleanups in section "2.3 navigator.credentials"
#118 Shouldn't be touching settings objects in parallel
#126 input type file as iconURL
#127 Steps in 2.5.1. should not be run in parallel
#129 create-a-cred and request-a-cred ought to return only a cred or error
#132 FormData creation in "Create a PasswordCredential from an HTMLFormElement"
#134 note considerations wrt credential processing in private/incognito context
#135 feature policy for the various credential types: per-credential? all-included?
#137 finish PR #100: update "request a credential" algorithm
#141 Feature Request: Ability to store public/private keys from crypto.subtle.generateKey
#146 Emails field
#148 NULL or DOMException
#150 Question about usage of the federated credentials.
#151 Would it be possible to add an example for navigator.credentials.create usage?
#152 Enable a new CryptoKey Credential to provide a possession factor
#154 section 5.2. Requiring User Mediation, point 1: should be return `true`
#166 Replace "a priori authenticated URL" with "potentially trustworthy URL"
#177 Do not reference EventLoop objects from "In parallel" sections
#179 change all numbered steps in the bikeshed source to be "1."
#180 update all <a ...> anchors to use bikeshed shortcuts like [=
#184 Add "policy controlled feature tokens" column to "Credential Types Registry"
#192 Make [[Create]] consistently create its Credentials from a task
#194 add concept of credential source backup (sync)
#210 Pass global object to DiscoverFromExternalSource
#211 DiscoverFromExternalSource setup needs some fixes
#216 Prevent silent access flag proposed changes
#217 Allow mediation to work for non-collected credentials
#220 Consider web extension API
#222 Replace iff
#225 Mediation parameter for credential creation
#227 Fully active checks?
#228 Common checks