Add a worth-prototyping position for FedCM
There is a lot to unpack here.  We can't say that this is an unqualified
good, particularly given the effect that it might have on IdPs and RPs.
But we can at least signal some amount of positive interest.

Closes mozilla#618.
martinthomson committed Aug 22, 2022
1 parent c9ad833 commit 5690b4c
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions activities.json
Expand Up @@ -472,6 +472,19 @@
"title": "Event Timing API",
"url": "https://wicg.github.io/event-timing/"
},
{
"ciuName": null,
"description": "A Web Platform API that allows users to login to websites with their federated accounts in a privacy preserving manner.",
"id": "fedcm",
"mdnUrl": null,
"mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1782066",
"mozPosition": "worth prototyping",
"mozPositionDetail": "Federated login is a widely-used feature on the web with significant user benefits in usability and security. Unfortunately, federated identity on the web relies on the same techniques that are used to track web users. The Federated Credential Management API puts the browser in control of managing cross-site logins. Browsers can use this API as a way to give web users better ability to control and monitor how their identity - and any information related to their identity - is exchanged between sites. Including the browser in a mediating role will adversely affect some cross-site interactions, in some cases making them less efficient or even less usable. However, Mozilla considers it imperative that this change occur so that users can be granted control - and awareness - of all instances where their information is transferred between sites. This proposal provides browsers with the opportunity to provide these capabilities. Note that Mozilla also wants to acknowledge an important privacy compromise in the proposal: identity providers learn when and where the identity they provide is used. Though alternative designs might be technically possible, this approach recognizes the security benefits gained by allowing identity providers the ability to audit logins. Furthermore, though this design enables an authorized identity to track cross-site activity, it only does so with the direct permission and knowledge of users.",
"mozPositionIssue": 618,
"org": "Proposal",
"title": "Federated Credential Management API",
"url": "https://fedidcg.github.io/FedCM/"
},
{
"ciuName": null,
"description": "This document defines a set of Fetch metadata request headers that aim to provide servers with enough information to make a priori decisions about whether or not to service a request based on the way it was made, and the context in which it will be used.",
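Review bot: In the last sentence of "mozPositionDetail", "this design enables an authorized identity to track cross-site activity" names the identity as the party doing the tracking, while the preceding sentences say it is identity providers that "learn when and where the identity they provide is used". Suggest "an authorized identity provider" so the privacy compromise is attributed to the right party. The same field says the browser's mediating role "will adversely affect some cross-site interactions" without saying whose; the commit message names IdPs and RPs, and the position text would be clearer if it did too. Minor wording in "description": "login to websites" should be the verb form "log in to websites", and "privacy preserving" should be hyphenated.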