Thanks for the session at W3C earlier today. Just a couple of comments that might be considered:
Firstly, in terms of the 'is the user signed in to their webmail session' - I believe that the cookie needs to be robust - perhaps the spec should ensure that it's a device bound session credential - to ensure that there could be no cookie theft/exfiltration threat.
Secondly, whilst this protocol is great for the sign-up process, allowing the user to complete sign-up without breaking out of the web journey (dealing with Mobile environment still TBD etc.), this flow can also be used in other email-requiring scenarios too - such as account recovery options. Such scenarios should also be noted in the spec/conversations/presentation.