On 3/14/16 3:01 PM, Martin Thomson wrote:
The actual benefit is something that is only realized once a site puts in the effort required. That is small, yes, but we're seeing sites actively avoid password managers, hence the aggressive heuristics, and rAC is much more likely to work for that, since it's implemented and deployed already.
This is the key issue, IMO, which makes me not interested in having Firefox implement this API.
Far too many sites either simply don't care about user password management (ie, they do problematic things that could easily be fixed), or actively take steps to intentionally break password managers. In the past we considered this an advocacy/evangelism problem, and it was deemed the site's responsibility to play nice. That's worked poorly, and sucks for users. We now believe that we have to assume a adversarial environment: it's our job to serve as the user's agent and do whatever it takes to work on a site.
If there's interest in assisting sites that want to play nice, I think it would be better to start with documenting a set of cross-browser "best practices" that they can follow, for the standards and implementations that exist today.
I'd also note that Mozilla Labs tried going down a similar path in the past, with Account Manager -- see https://hacks.mozilla.org/2010/04/account-manager-coming-to-firefox/. The team involved in that did a _lot_ of outreach with sites and web developers. I remember it as having a somewhat tepid reception... Especially around sites not wanting to cede any UX control to the browser in the signup/login/logout experience, and some industries being very disinterested doing anything beyond what was mandated by regulations (ie, they saw doing anything outside their rulebook as adding legal risk).
Justin _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
