Re: Intent to implement: W3C WebAppSec credentialmanagement API

Anne van Kesteren Fri, 11 Mar 2016 09:41:56 -0800

On Fri, Mar 11, 2016 at 6:08 PM,  <[email protected]> wrote:
> That does raise the question, however, of how such a credential differs from, 
> say:
>
> * A cookie
> * A random nonce in localStorage/IDB
> * A non-extractable WebCrypto key


The idea is that these are all less persistent. When you clear
storage/cookies, you don't delete password manager entries. (Which is
also why store() requires UI, if I remember correctly.)


-- 
https://annevankesteren.nl/
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to implement: W3C WebAppSec credentialmanagement API

Reply via email to