Re: [w3ctag/design-reviews] Modal window (#427)

I am very much not an expert on browsers and standards, but I do have a couple userland thoughts on why treating this as more similar to a top-level page is useful:

- For payments, we want to be able to use webauthentication from parties like a bank or payment system that is not the owner of the main page, but does have the marked origin in the modal. We believe that, with the right restrictions on the secure modal, this would be a net-win for both privacy and security over current methods, that rely on tracking in iframes and problematic SMS-based authentication.
- Some payment systems currently block iframing using x-frame-options and require full redirects or popups because they involve entering passwords and would therefore be phishable. Because the secure modal is clearly separate from the underlying page, and clearly marks the origin and security status of the connection, we believe these payment systems should be able to continue blocking iframing while allowing themselves to appear within this secure modal.
- Having access to 1p cookies is also important for use-cases involving authentication. Many federated authentication systems today depend on iframes and invisible redirects in ways that are indistinguishable from malicious trackers. But if the user is consciously choosing to interact with them, in order to pursue a clear purpose that is also clearly tied to an origin, it would be great for secure modal to support that. This would allow browsers to hasten the death of iframe and redirect attacks _without_ breaking things like embedded payment forms and embedded federated authentication workflows that seem to be legitimate and are willing to be subject to having a visible origin and clear user consent.

Obviously, I understand concerns about this API being used for problematic cases that trigger security and privacy concerns. But I would love to see if you all can creatively support many of the use-cases above, so that third-party systems in payments and authentication can get rid of the much-worse status quo systems and replace them with secure modal.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/427#issuecomment-551371086

Received on Friday, 8 November 2019 03:39:14 UTC