Skip to content

Latest commit

 

History

History
35 lines (24 loc) · 2.61 KB

prior.md

File metadata and controls

35 lines (24 loc) · 2.61 KB

Prior Art

By far, the closest analogy to this work is the great work of BrowserID during the Mozilla Personas effort (postmortem). In many ways, the goals that BrowserID was trying to achieve as well as the mechanisms that were created are a lot like FedCM. There are significant differences in strategy and design, but let’s start with the similarities first because there are many.

First, BrowserID was clearly trying to solve similar problems, namely IDP Tracking and friction. The mechanisms that were created clearly had strong builtin privacy components to prevent IDPs from knowing about RPs and vice versa, via the chain of signatures gathered from IDPs (mainly email providers) and certificates generated by the browser.

Second, from a mechanism perspective, there was clearly a separation between an RP to Browser API as well as a Browser to IDP API.

navigator.id.get((assertion) => {}, {
  backgroundColor: "#606B72",
  siteName: "My Example Site"
});

The RP calls a browser native API to fetch an assertion which gets mediated by the browser in coordination with the IDP.

// set up UI
navigator.id.beginAuthentication(function(email) {
  // update UI to display the email address
});

The postmortem analysis is very insightful in understanding the challenges faced and gives this proposal a solid place to work from. In many ways, we think some of these insights are rooted in the observation we made earlier about backwards compatibility with RPs and user’s current behavior, which we are deliberately trying to avoid.

Related Work