The Credential Handler API was created to achieve the following goals:
Credential management is becoming fundamental to a new generation of web applications. Users need the ability to safely store and manage credentials (from diplomas to coupons), and they need a consistent trusted UI (aka "trusted chrome" in industry parlance) to do that.
Just as it's important for users to have a choice of music players, web browsers, PDF viewers, and so on, it's crucial for them to be able to choose service providers for wallets and credential storage (with safeguards and sane defaults).
Web app developers should not be required to roll their own wallet infrastructure for every application. Using a standard credential management API allows developers to:
- Minimize the risk of data leaks and identity theft
- Participate in the Verifiable Credentials ecosystem
TODO: Explain the importance of polyfills for driving innovation and standards for the Web platform. (a.k.a., many of your favorite Web platform features probably started out as a polyfill.)
TODO: Add section explaining how CHAPI interacts with existing complementary web standards:
- Credential Management Level 1 API
- Verifiable Credentials
- DIDs
- Using CHAPI to solve the NASCAR problem and to streamline and preserve Web app state during OpenID Connect logins and OAuth2 interactions.