FedCM Permissions Policy #83

Closed
npm1 opened this issue Nov 3, 2022 · 2 comments
Labels: duplicate; topic: authentication; topic: permissions; venue: Federated Identity CG

Comments


npm1 commented Nov 3, 2022

Information about the spec

Design reviews and vendor positions

Anything else we need to know

FedCM was considered positive here, and this request is only about the addition of permissions policy to enable iframes to invoke the API.

@gsnedders gsnedders added the topic: authentication Spec relates to authentication, e.g. passwords, passkeys, OAuth label Nov 10, 2022

annevk commented Feb 10, 2023

So when you have A embeds B, this would allow A to delegate the ability to invoke federated login to B. (A and B are cross-site.)

If successful this then gives the user identity to B and not A.

Given that this is equivalent to A and B collaborating through postMessage() to achieve the same result this is probably okay (and has a lot of precedent in other APIs), though I worry more than I used to about what kind of pressures will be put on A by sites commonly embedded to delegate all kinds of permissions.

cc @achristensen07
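
The delegation described in the comment above (A embeds B and lets B invoke federated login) can be audited from A's side by reading each iframe's `allow` attribute. This is an added example, not part of the thread or of the FedCM spec text; it assumes the policy-controlled feature is named `identity-credentials-get` and that A itself holds the feature, and the function names and `*.example` frames are constructed for illustration.

```javascript
// Added example: list embedded frames to which page A delegates FedCM.
// Assumption: the policy-controlled feature is "identity-credentials-get".
const FEATURE = "identity-credentials-get";

// Parse an iframe allow="" value into Map<feature, allowlist tokens>.
function parseAllow(allow) {
  const policy = new Map();
  for (const directive of (allow || "").split(";")) {
    const [feature, ...list] = directive.trim().split(/\s+/).filter(Boolean);
    if (!feature) continue;
    // A feature named without an allowlist defaults to 'src'.
    policy.set(feature.toLowerCase(), list.length ? list : ["'src'"]);
  }
  return policy;
}

// Origins that one frame's allow attribute delegates FEATURE to.
function delegatedOrigins(frame, embedderOrigin) {
  const list = parseAllow(frame.allow).get(FEATURE) || [];
  const out = new Set();
  for (const token of list) {
    if (token === "'none'") continue; // grants nothing
    if (token === "*") out.add("*");
    else if (token === "'src'") out.add(new URL(frame.src).origin);
    else if (token === "'self'") out.add(embedderOrigin);
    else { try { out.add(new URL(token).origin); } catch { /* skip malformed token */ } }
  }
  return [...out];
}

// Frames where A hands the feature to an origin other than its own.
function auditFrames(embedderOrigin, frames) {
  return frames
    .map((f) => ({ src: f.src, origins: delegatedOrigins(f, embedderOrigin) }))
    .filter((r) => r.origins.some((o) => o !== embedderOrigin));
}

// Constructed sample: frames found on https://a.example.
const sampleFrames = [
  { src: "https://b.example/widget", allow: "identity-credentials-get" },
  { src: "https://cdn.example/ad", allow: "camera 'none'; identity-credentials-get *" },
  { src: "https://a.example/inner", allow: "identity-credentials-get 'self'" },
  { src: "https://c.example/chat", allow: "fullscreen" },
];
console.log(auditFrames("https://a.example", sampleFrames));
```

The comparison is by origin, which is what the policy allowlist itself matches on; grouping the results by site would additionally need a public-suffix list.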

@marcoscaceres

Closing in favor of #309 as we have never given a position of the actual FedCM spec.

@github-project-automation github-project-automation bot moved this from Needs position to Done in Standards Positions Review Backlog Jan 29, 2024
@annevk annevk added the duplicate This issue or pull request already exists label Sep 23, 2024