Add a worth-prototyping position for FedCM #676

Merged
merged 2 commits into from
Aug 31, 2022
13 changes: 13 additions & 0 deletions activities.json
Expand Up @@ -472,6 +472,19 @@
"title": "Event Timing API",
"url": "https://wicg.github.io/event-timing/"
},
{
"ciuName": null,
"description": "A Web Platform API that allows users to login to websites with their federated accounts in a privacy preserving manner.",
"id": "fedcm",
"mdnUrl": null,
"mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1782066",
"mozPosition": "positive",
"mozPositionDetail": "Federated login is a widely-used feature on the web with significant user benefits in usability and security. Unfortunately, federated identity on the web relies on the same techniques that are used to track web users. The Federated Credential Management API puts the browser in control of managing cross-site logins. Browsers can use this API as a way to give web users better ability to control and monitor how their identity - and any information related to their identity - is exchanged between sites. Including the browser in a mediating role will adversely affect some cross-site interactions, in some cases making them less efficient or even less usable. However, Mozilla considers it imperative that this change occur so that users can be granted control - and awareness - of all instances where their information is transferred between sites. This proposal provides browsers with the opportunity to provide these capabilities. Note that Mozilla also wants to acknowledge an important privacy compromise in the proposal: identity providers learn when and where the identity they provide is used. Though alternative designs might be technically possible, this approach recognizes the security benefits gained by allowing identity providers the ability to audit logins. Furthermore, though this design enables an authorized identity to track cross-site activity, it only does so with the direct permission and knowledge of users.",

This looks good. It captures the core conflicts in the space and how they are resolved by this proposal at a high level.

"mozPositionIssue": 618,
"org": "Proposal",
"title": "Federated Credential Management API",
"url": "https://fedidcg.github.io/FedCM/"
},
{
"ciuName": null,
"description": "This document defines a set of Fetch metadata request headers that aim to provide servers with enough information to make a priori decisions about whether or not to service a request based on the way it was made, and the context in which it will be used.",