On 2016-03-18 7:22 AM, Mike West wrote:
On Thu, Mar 17, 2016 at 10:04 PM, Justin Dolske <dol...@mozilla.com> wrote:
On 3/14/16 3:01 PM, Martin Thomson wrote:
The actual benefit is something that is only realized once a site puts
in the effort required. That is small, yes, but we're seeing sites
actively avoid password managers, hence the aggressive heuristics, and
rAC is much more likely to work for that, since it's implemented and
deployed already.
This is the key issue, IMO, which makes me not interested in having
Firefox implement this API.
My understanding of the objections Martin and Matt have outlined are that
they're not interested in _this spelling_ of the API, and would prefer that
it be spelled using `requestAutocomplete`.
Far too many sites either simply don't care about user password management
(ie, they do problematic things that could easily be fixed), or actively
take steps to intentionally break password managers. In the past we
considered this an advocacy/evangelism problem, and it was deemed the
site's responsibility to play nice. That's worked poorly, and sucks for
users. We now believe that we have to assume a adversarial environment:
it's our job to serve as the user's agent and do whatever it takes to work
on a site.
Sure. Heuristics should continue to work, and I agree 100% that they should
be aggressive enough to trigger on sites that are actively disinterested in
allowing password managers. I don't see that as being at odds with allowing
a site to explicitly integrate with the user's password manager if they
decide to do so.
With the explicit understanding that I don't work at Mozilla, and that
y'all's prioritization is very much yours to set, this sounds like a good
argument for investing effort in those heuristics. It doesn't sound like an
argument against accepting the contribution that Axel is offering.
Coupled with what Justin and Martin said above about adoption (which I
also expressed), I don't see how it makes sense for us to add more
complexity to that system. If this was a replacement or alternative to
the heuristics (like it would be if built on rAc) then it makes more
sense (rAc is mostly independent of the password manager heuristics) to
pursue but that's not how I see the interaction with the current spec
and password manager.
If there's interest in assisting sites that want to play nice, I think it
would be better to start with documenting a set of cross-browser "best
practices" that they can follow, for the standards and implementations that
exist today.
I agree that we should do this regardless.
https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands
exists, for instance, and I'm sure Mozilla has a similar page somewhere.
Perhaps it would be worthwhile to collaborate on something more visible?
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
