Consider removal of FederatedCredential

[lukewarlow]

Apologies if I'm misunderstanding this but I believe the FedCM API supersedes the existing FederatedCredential type.

Should the existing FederatedCredential type be removed from this spec? Or at least call out the existence of FedCM's IdentityCredential?

[nsatragno]

Chrome supports the classic FederatedCredential, so we should not remove it from the spec. FedCM and FederatedCredential are quite different.

(What we really should do is move both FederatedCredential and PasswordCredential into their own specs. This is how webotp, webauthn, and fedcm are organized. Then, we could move the core Credential Management up the recommendation track and let browsers implement credential types independently which better matches reality.)

[lukewarlow]

@nsatragno I'm happy to help move them to their own specs.

Something like https://github.com/lukewarlow/PasswordCM would be what is needed right?

A separate one for FederatedCM (would need some way to disambiguate it from FedCM and it's IdentityCredential).

And then like you say they can be removed from this spec with the appropriate linking out to the new specs.

[nsatragno]

Yes, something like that would work (assuming linking between specs works correctly, etc). It is quite a substantial change that I would like to bring to the relevant WGs (webappsec, webauthn, fedcm) first though, and I'm not sure about the value of going through all that work while I don't have enough cycles to put the spec through the recommendation track anyway.