Hey Tess!
This seems reasonable to me, and is consistent with our conversation on the
topic at TPAC last year
(https://github.com/w3c/webappsec/blob/master/meetings/2019/2019-09-TPAC-minutes.md#well-knownchange-password).
I'd be comfortable adopting this specification, and publishing it as a
FPWD. Let's give the working group's members a week to object. If no
objections come in by May 12th, I think we could comfortably declare
consensus.
-mike
On Mon, May 4, 2020 at 10:38 PM Theresa O'Connor <hober@apple.com> wrote:
> Hi all,
>
> Currently, if the user of a password manager would like to change their
> password on `example.com`, pretty much all password managers can do is
> load `example.com` in a browser tab and hope the user can figure out how
> to update their password themselves.
>
> Ricky (CCed) and I have been working on a simple spec in WICG to improve
> this situation & to help services discover where on a website users may
> change their passwords by defining the `/.well-known/change-password`
> well-known resource:
>
> A Well-Known URL for Changing Passwords
> <https://wicg.github.io/change-password-url/>
>
> We think it's ready to migrate to the standards track somewhere, and
> WebAppSec seems like a good fit.
>
> https://github.com/WICG/change-password-url/issues/18
>
> Thoughts? Concerns?
>
>
> Tess