FedCM bundle: Continuation API, account labels, custom parameters, scopes #945
Labels
Focus: Accessibility (pending)
Focus: API design (pending)
Focus: Privacy (pending)
Focus: Security (pending)
Focus: Web architecture (pending)
Mode: breakout
Work done during a time-limited breakout session
Topic: identity & credentials
Venue: Federated ID CG
Milestone
こんにちは TAG-さん!
I'm requesting a TAG review of FedCM bundle: Continuation API, account labels, custom parameters, scopes.
This bundles a few features that we would like to launch at the same time:
Continuation API:
https://github.com/fedidcg/FedCM/issues/555
This lets the IDP open a popup window to finish the sign-in flow after potentially collecting additional information.
Parameters API:
https://github.com/fedidcg/FedCM/issues/556
This lets RPs pass additional data to the ID assertion endpoint
Scope API:
https://github.com/fedidcg/FedCM/issues/559
This lets RPs bypass the data sharing prompt in favor of the IDP prompting
Scaling well-known:
w3c-fedid/FedCM#552
This lets IDPs use different config files in different contexts without weakening FedCM privacy properties, by allowing one accounts endpoint for the eTLD+1 (instead of one config file, which is more limiting than necessary)
Account labels:
w3c-fedid/FedCM#553
Combined with the previous proposal, this allows filtering the account list per config file without providing additional entropy to the IDP.
We are bundling them because each of them is fairly small on its own but they combine to be pretty powerful for IDPs.
Further details:
You should also know that...
[please tell us anything you think is relevant to this review]
CAREFULLY READ AND DELETE CONTENT BELOW THIS LINE BEFORE SUBMITTING
Please preview the issue and check that the links work before submitting.
In particular:
¹ For background, see our explanation of how to write a good explainer. We recommend the explainer to be in Markdown.
² Even for early-stage ideas, a Security and Privacy questionnaire helps us understand potential security and privacy issues and mitigations for your design, and can save us asking redundant questions. See https://www.w3.org/TR/security-privacy-questionnaire/.
The text was updated successfully, but these errors were encountered: