Add a worth-prototyping position for FedCM #676
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is a lot to unpack here. We can't say that this is an unqualified good, particularly given the effect that it might have on IdPs and RPs. But we can at least signal some amount of positive interest. Closes mozilla#618.
martinthomson
commented
Aug 30, 2022
bvandersloot-mozilla
approved these changes
Aug 30, 2022
| "mdnUrl": null, | ||
| "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1782066", | ||
| "mozPosition": "positive", | ||
| "mozPositionDetail": "Federated login is a widely-used feature on the web with significant user benefits in usability and security. Unfortunately, federated identity on the web relies on the same techniques that are used to track web users. The Federated Credential Management API puts the browser in control of managing cross-site logins. Browsers can use this API as a way to give web users better ability to control and monitor how their identity - and any information related to their identity - is exchanged between sites. Including the browser in a mediating role will adversely affect some cross-site interactions, in some cases making them less efficient or even less usable. However, Mozilla considers it imperative that this change occur so that users can be granted control - and awareness - of all instances where their information is transferred between sites. This proposal provides browsers with the opportunity to provide these capabilities. Note that Mozilla also wants to acknowledge an important privacy compromise in the proposal: identity providers learn when and where the identity they provide is used. Though alternative designs might be technically possible, this approach recognizes the security benefits gained by allowing identity providers the ability to audit logins. Furthermore, though this design enables an authorized identity to track cross-site activity, it only does so with the direct permission and knowledge of users.", |
There was a problem hiding this comment.
This looks good. It captures the core conflicts in the space and how they are resolved by this proposal at a high level.
|
Thanks Tantek. Moving on. |
Daasin
pushed a commit
to Daasin/standards-positions
that referenced
this pull request
Jan 5, 2023
* Add a worth-prototyping position for FedCM There is a lot to unpack here. We can't say that this is an unqualified good, particularly given the effect that it might have on IdPs and RPs. But we can at least signal some amount of positive interest. Closes mozilla#618. * new taxonomy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is a lot to unpack here. We can't say that this is an unqualified
good, particularly given the effect that it might have on IdPs and RPs.
But we can at least signal some amount of positive interest.
cc @bvandersloot-mozilla
Closes #618.