- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Fri, 27 Jan 2023 23:56:57 +0000
Thanks to Our Robot Overlords and Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-01-24/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-01-24/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2023-01-24

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jan&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Topics:
  1. Introductions and Reintroductions
  2. Announcements
  3. CHAPI over FedCM
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords and Our Robot Overlords
Present:
  Mike Prorock, Orie Steele, Jennie Meier, Samantha Matthews Chase, Brian Richter, Harrison Tang, Chandi Cumaranatunge, Anil John, Will, Sandy Aggarwal, Zachary Tan, Dave Longley, Phil L (P1), Yi Gu, Manu Sporny, John Henderson, Alan Karp, Erica Connell, Gregory Natran, Kimberly Linson, Paul Dietrich GS1, Matt Maggard, Stuart Freeman, FedCM, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Andrew Whitehead, Ryan Grant, BrentZ, Dmitri Zagidulin, Joe Andrieu, Markus Sabadello, Andres, Nate Otto, Kayode Ezike, John Kuo, julien fraichot, James Chartrand, Bryan Luisana, Rebecca Busacca, Territorium, Jeff O - HumanOS, Kerri Lemoie, Mahmoud Alkhraishi, Lucy Yang, David I. Lehn, Juan Caballero, Bob Wyman, Rishi, Nikos Fotiou, Saumya, J Chao, Keith Kowal, Ted Thibodeau

<orie> Hey Sam :)
Our Robot Overlords are scribing.
Mike Prorock: See manner I see it said that it's started I saw it may have started the transcriber.
Mike Prorock: We stopped recording and try to restart it here.
Manu Sporny: We could restart the bridge that will usually do it before everyone else.
Our Robot Overlords are scribing.
Manu Sporny: There we go.
Mike Prorock: https://lists.w3.org/Archives/Public/public-credentials/2023Jan/0043.html
Mike Prorock: All right awesome cool thank you all and welcome to the public credentials good old CCG meeting for the week here it is Tuesday January 24th just after 10:00 a.m. my time the we're main topic for today is covering FedCM so Sam Goto will be talking through that topic so we'll be handing the ball over to him.
Mike Prorock: in a.
Mike Prorock: https://www.w3.org/Consortium/cepc/
Mike Prorock: To talk about that which I am sure many of us have interested just a quick reminder that this meeting as with all meetings and business with w3c is covered under the code of ethics and professional conduct we typically don't have issues with that here but I do like to call that out I do also want to note from an intellectual property standpoint that anyone can participate in these calls however if you're actually contributing in any way shape or form to Assisi.
Mike Prorock: e work item you must be.
Mike Prorock: https://www.w3.org/community/credentials/join
Mike Prorock: With an IPR agreement signed and it's pretty reasonably straightforward and I'll put the link to join in if you are not a member the we are taking a recording of this and it will be posted to our GitHub we do also use the chat to Q so in the chat or if you're connected to the IRC Bridge you can just type Q followed by plus and it will add you to the Q the letter q.
Mike Prorock: q that is plus symbol or.
Mike Prorock: Cue the minus symbol to remove yourself from the queue we do try to keep things efficient here so do be mindful that other folks may be queuing up I think the hand-raised function is still Linked In nicely to queuing so just so you know if you do pop your hand up I'm going to see it don't worry I am moderating the chat and we'll call on folks as we get the good natural break points for questions so with that I am going to pause and just see if there's any.
Mike Prorock: ins for anyone new to this call that has not.
Mike Prorock: So call today and would like to introduce themselves to the group or folks that have changed affiliations or jobs and would like to let the community know.

Topic: Introductions and Reintroductions

<bryan_luisana> Hello, this is my first meeting. I am the new Director of Engineering for Transmute.
Mike Prorock: Pause here and not seeing any I will note that don't be shy if this is your first meeting you can always if you queue up for instance say hey first meeting here and there's plenty of friendly people here that are happy to intro you two things you may or may not need to know about ccg with that any announcements or reminders from the community any kind of key topics folks should be aware of.
Mike Prorock: Um oh and I do see an intro before we move into that Bryan you want to speak up do you see a new director of engineering for Transmute welcome to come off mute and say hi.
Bryan_Luisana: Hello can you hear me.
Bryan_Luisana: Yeah yeah just want to say hello this is obviously my first meeting I started full-time work with Transmute this week and yeah and I'm working hand-in-hand to the Orient he asked me to come in here to try to get acclimated to the community.
<manu_sporny> Welcome Bryan! :)
Dave Longley: +1 Welcome, Bryan!
<kerri_lemoie> Welcome Bryan!
Mike Prorock: Awesome well great to have you and I enjoy collaborating with Orie whenever I get the chance so you're in good company and I could say the same pretty much with everyone in the community here so it's a good crowd so great to have you and looking forward to contributions over time as you get your feet feet under you here.
Bryan_Luisana: Thanks a lot.
<anil_john_[us/dhs/svip]> Welcome Bryan!

Topic: Announcements

Mike Prorock: All right with that any announcements from folks.
Mike Prorock: Mr Man Who.
<anil_john_[us/dhs/svip]> LOL
Manu Sporny: Thanks Mike just real quick a reminder that the verifiable credentials working group meeting is coming up in Miami and mid-February so if you have not booked your tickets and stuff like that and you intended to go reminder that it is you have to be a w3c member to attend or you have to be invited in by the chairs much in the way vampires work so if you.
Manu Sporny: you are coming make sure that.
Manu Sporny: In the lined up that's it.
<phil_l_(p1)> @manu link to reg details?
Mike Prorock: Yeah thanks thanks very much for that and the if I can skip my wife's birthday for that meeting I am just going to put that as that's should say the level of relative importance as far as how I think that meanings going to go so I plan on being there so I would encourage anyone who is able to join to do so any other announcements before we move into the main agenda for the day.
Mike Prorock: https://lists.w3.org/Archives/Public/public-credentials/2023Jan/0069.html

Topic: CHAPI over FedCM

Mike Prorock: I'm not seeing any we are going to pass it over to mr. Sam to talk about FedCM I just put a link in the chat here to the slides that Manu thankfully sent out to the list here so if you want to pull a copy of the slides you are welcome to and with that Sam over to you.
<mprorock> All, i am watching Queue and will break in at appropriate points for Q&A
Samantha Matthews Chase: All right well thank you so much for having me I'm super excited to be here Manu came to the fella dcg a couple weeks ago and it was just very we just had a wonderful conversation there and so it felt like it was a good time for me to to do the reverse and come to meet you all in the get to know you all so I'm super excited about that my name is Sam Goto I work at Google I've been at Google for a long time.
Samantha Matthews Chase: I worked with Manu in the past when I was in Google search doing standards for.
Samantha Matthews Chase: With Jason Aldean crawling the web and I know a bunch of stuff in this call to so just wonderful to see a lot of you all from the years that I've been involved in web standards but for the last six years or so I came to the Chrome team to do web standards for browsers as opposed to search engines so that's what brings me here today so let me see if I can present see if it can go from there.
Samantha Matthews Chase: let's see.
Mike Prorock: You are coming through so.
Mike Prorock: Yep y'all good.
Samantha Matthews Chase: Wonderful all right okay so so I meant this more as a kind of like opening a conversation or so the presentation is so feel free to you know stop me and just kick off conversations as we go along you know the slides are just mostly just a tree points for discussion more so than you know a cohesive and coherent stream of thought is so please feel free to just stop me at any time and and we can go from there.
Samantha Matthews Chase: but if.
Samantha Matthews Chase: Probably content enough for me to talk over so I figured it may be useful for you all to get a sense of what FedCM is in what context it was constructed in what context is operates just kind of like a brief introduction you know where it's at but also kind of get a sense of you know why is it that we build it and where do we expect it to go what opportunities are we excited about it so like a little bit of a sense of.
Samantha Matthews Chase: trajectory in the reason if in trajectory is.
Samantha Matthews Chase: I think you'll find that some of the things that we're excited about I think has an intersection with the things that this community is excited about it so I try to I try to build like a list of shared interests or things that we seem to be agreeing with each other or excited about to and then just so that we are realistic about things also a list of things that we may be intention about.
Samantha Matthews Chase: there is it isn't a long list so.
Samantha Matthews Chase: Hopefully hopefully what we can talk about through these so with that then let me just get started so sort of Court part presentation you know what's what's FedCM introduction about it a bit of a we expect it to go and then how I think there's an intersection with CHAPI and Perhaps Perhaps the places in which there isn't an intersection CHAPI.
Samantha Matthews Chase: okay so just.
Samantha Matthews Chase: Section about FedCM any questions so far anyone that's just seemed like a reasonable agenda.
Samantha Matthews Chase: Cut cut cut you to ask questions in the chat there will we have there there are few Engineers FedCM Engineers on the call with so they may be able to to answer in the queue okay okay so what's FedCM so I guess I guess most of you are all of you are very well versed in the space here so Federation needs no introduction to you all but just to.
Samantha Matthews Chase: to contextualize things.
Samantha Matthews Chase: Federation at least for Consumer consumers being one of the two ways in which you can create accounts with websites you know you can use usernames and passwords or you can use Federation any using username passwords are typically these are backed by e-mail verification or phone number verification so at the core of like creating crania Council website you have only these two mechanisms and in we and.
Samantha Matthews Chase: while Federation has its challenges.
Samantha Matthews Chase: We think it has it has benefits over usernames and passwords so it felt like something worth preserving and maintaining on the web passkeys are are evolving a lot to and making usernames and passwords a lot better in many ways it's so this is a moving Target but in and on itself we felt like Federation is something that's worth it seemed like good for the web.
Samantha Matthews Chase: Or the contest go in which FedCM is in is that Federation as as you will find CHAPI to was was built was designed unintentionally on what browser vendors called low level Primitives these are things like iframes third-party cookies and redirects these are these are low level Primitives because their general purpose the they are general purpose Primitives that can be used for.
Samantha Matthews Chase: or a variety of things and just by accident one of the things that.
Samantha Matthews Chase: Used and abused by the ecosystem is cross-site tracking so cross-site tracking has become a problem on the web and it's the large likely the most active area of Investigation for for web browsers Safari and Firefox and chrome all pushing very hard on preventing tracking on the web and what in the big the big problem is that we call this the classification problem.
Samantha Matthews Chase: because as far as a web browser is configured.
Samantha Matthews Chase: It doesn't know the distinction between tracking versus reasonable uses of vulnerable Primitives because the smaller the classification problem because browsers are having a hard time preventing tracking while maintaining and preserving the valid uses of these Primitives one of which being things like creating accounts or websites with third-party identity providers.
Samantha Matthews Chase: So you will see specifically in things like CHAPI for example that uses these low-level Primitives you know them being postmessage iframe third-party cookies and but window pops the browser vendors are more and more trying to constrain in and mitigate tracking and in doing so having an effect unintended effect on values cases so for CHAPI specifically.
Samantha Matthews Chase: in the absence of third party cookies.
<dave_longley> your interpretation is right, Sam
Samantha Matthews Chase: Think correct me if I'm wrong this is just my interpretation in understanding of CHAPI so please please do correct me if I might interject interpretation is incorrect here but much like other places in Federation in the absence third-party cookies the protocols that they great they degrade gracefully invite the grading I mean that they lead to an to a user experience that is suboptimal in this specific case you know CHAPI opens a pop-up window is opposed.
Samantha Matthews Chase: so an iframe because pop-up window.
Samantha Matthews Chase: Are loaded as first-party context as opposed to third-party context and in doing so it has access to first-party cookies but in doing so also you know it also exposes the user unnecessarily to authn.io which is a mediator but it's permitted it's mostly a something that is to be kept you know you know I'll wait outside of what the user needs to know but because pop up.
Samantha Matthews Chase: Windows do take.
Samantha Matthews Chase: The page that that's something that they used is exposed not only from a kind of like user experience perspective but also like the pop-up window per se is probably more disruptive than an iframe by gracefully I mean that why do it degrades it kind of still works it's not like it's the end of the world it partially works and so this is CHAPI specifically Federation OpenID Connect and SAML specifically also the great gracefully and for the most part also work but.
Samantha Matthews Chase: break enough that it's worth looking into in providing alternatives to Turf.
<manu_sporny> Yes, great summary of the challenge, Sam.
Samantha Matthews Chase: That that would perhaps make this process a little bit better so that's the context in which FedCM is in the context in which FedCM is in is that browser vendors are making interventions on third-party cookies and cross-site communication and in doing so it's causing pain for deployment of federation so what FedCM is is its high level I did you.
Samantha Matthews Chase: Eric Brown cherry pie so it's a.
Samantha Matthews Chase: I but it's one that makes a trade-off between extensibility and control so it's not as expressive as third-party cookies in iframes and postmessage this less expressive than that but it's but because of because it's able to narrow the the language and expressivity it's able to offer the user more control so so so FedCM is a web platform API so so think of it as an alternative to you know third-party cookies of purpose message.
Samantha Matthews Chase: we have always thought of FedCM as kind of like this choose.
Samantha Matthews Chase: Play meaning that you know it's a it's first and foremost the preservation play you know meaning that there are things in the ecosystem that exists that should be preserved and we don't want it to break so OpenID Connect and SAML specifically their parts of it you know where you have billions of users using it to like from Channel log out or other things that you know these are things that are worth preserving because we don't want to steer users towards usernames and passwords.
Samantha Matthews Chase: especially acquiring global global email.
Samantha Matthews Chase: So there's this there's much to be preserved here but then we always thought that in the process of preservation in the process of making so that we're not breaking the things that exist it would be good to make it so that you know once we take that step it allows us to do things that we wouldn't be able to do otherwise their Federation has massive amount of problems and we thought that maybe by introducing the browser as a neutral intermediator that maybe it would enable things to be.
Samantha Matthews Chase: done that wasn't possible.
Samantha Matthews Chase: The most concrete example is the NASCAR flag problem that's got a flag problem with you're all very familiar with because CHAPI you know it's it's a problem that requires a neutral intermediator you know in your case you'll be invented authn.io but in FedCM we've constructed that in the browser itself so that it's because they do you don't have to introduce a new origin but it can only be done right because you because you have this neutral party that.
Samantha Matthews Chase: it allows identity providers to coordinate.
Samantha Matthews Chase: That's a bit abstract so I need to turn that into something concrete so but this is precisely concretely what FedCM is actually in production today if you try it so if you went to Chrome stable right if you're using Chrome or very or variant of chrome then it's likely that you will start seeing some of these account Chooser widgets that allows you to log into websites with your identity provider accounts in this specific case.
Samantha Matthews Chase: is recipe website.com being a relying party.
<mprorock> shades of what SAML wanted to be
Samantha Matthews Chase: Being the identity provider but here you see kind of like a brochure mediated you I come in from the bottom you know suggesting your Google accounts to log into recipe website you can pick one of them and it looks like an account Chooser it's partially is and it's constructing such a way that the identity provider doesn't learn about the user going to recipe website up until the point in which the user clicks continuous Eliza meaning that.
Samantha Matthews Chase: that it cannot be abused track users over the web.
Samantha Matthews Chase: This is what it looks like on desktop so so you know it's it doesn't take a lot of imagination you know looks like an account shows are coming up from the from the top this is what it looks like in production so we ran experiments and production experiments with actual websites here you see Peterson Canada and google.com in production but this is what the user experience is more or less like this is what you should use.
Samantha Matthews Chase: you're going to start seeing as Google sign in and pin.
Samantha Matthews Chase: The website start running up we expect that to be done in the next year or so your preparation for the deprecated or party cookies but you know it looks more or less like an account Chooser that pops up for the bottom or from the top right and then you picking one of those accounts you are able to sign into Pinterest.
Samantha Matthews Chase: Have you all so far.
<manu_sporny> Yes, all good!
Samantha Matthews Chase: Any any any questions.
<orie> amazing!
Dave Longley: +1 Following along, great presentation.
Mike Prorock: Very much so I'm not seeing anyone on the Queue but I did have a question I was just about to keep myself to ask you know one of the things you mentioned around privacy-preserving was like oh and then they don't know who you are until you click continue right do you have a mechanism to cover cases where you may want to just signify that the user was say of age or authenticated or some other flag without.
Mike Prorock: feeling any other information.
Mike Prorock: Because this is something that's come up with like I'm thinking of like state of Louisiana legislation recently and some other areas are you looking at those use cases as well or is it primarily to authenticate and actually attached to a user profile for instance.
Mike Prorock: Excellent perfect well the areola.
Samantha Matthews Chase: Oh that's a perfect segue to the to the to the the next few slides yeah that's so let me let me save that answer to the next was like sorry I did I get that uh perhaps Dave had a question.
Samantha Matthews Chase: I'll just.
Samantha Matthews Chase: Along other shoes just continue okay okay okay so yeah that's that's what I'm glad that I've connected the flights in a good way then because that will precisely give us that that's precisely what I will go over forward so perhaps the first observation to be made here in terms of trajectory is that we think of FedCM we used to call this web ID and internally large extent we still call this web identity but we think of web identity.
Samantha Matthews Chase: T identity as a thing.
<mprorock> gonna let the "where we going" slides roll and then start running through queue
Samantha Matthews Chase: No to authentication and we like that there are two apis that have did that they do what their name say that they do meaning that we have WebAuthn is just making wonderful progress towards authenticating users to the web in an extremely privacy-preserving way and extremely Safe Way with passkeys and public-private crypto right so we are seeing just.
Samantha Matthews Chase: that WebAuthn wasn't up until.
Samantha Matthews Chase: As recoverable as Federation so Federation bundled both on identification as well as identification so it is the case that Federation today is used for signing into websites but if I had to make a projection I would expect a lot of the signing into websites with we Federation to move towards a more secure and private mechanisms such as passkeys so you know we were.
Samantha Matthews Chase: working really hard and this is I'm not a direct.
Samantha Matthews Chase: To WebAuthn but I'm within the group that is but we I can say collectively like we're working really hard as browser vendors to make WebAuthn extremely successful right it has all the right properties when it comes to authentication and creating and creating accounts websites meaning you know like it discloses as little as possible from the user right it doesn't share the users email or Globe identifiers you know the private keys are directed you know public/private key cryptography.
Samantha Matthews Chase: much better than most things combined and it's the user experience is seamless in.
Samantha Matthews Chase: Wonderful because it's proportional to the amount of risk that users taking right so the first separation perhaps to be made which I think is useful is to know that from a projection perspective we expect and want WebAuthn succeed in allowing users to create a council websites and we expect web identity to to deal with with with with your identity so just that separation is a we.
Samantha Matthews Chase: acted to be important as we go along now.
Samantha Matthews Chase: It's a bit too abstract so let me try to make this into a little bit more concrete so first right like the you creating user names and passwords it's always predicated on something as recoverable as as an email address verification or phone number verification I'm also the editor for WebOTP that does this verification phone numbers and email addresses but the but the the idea.
Samantha Matthews Chase: FedCM to be something that allows you to express yourself in many different ways so so obviously Federation is much larger than Google itself as you all know it was probably actually the second or third identity provider so you know we're working hard to make it so that identity providers like Facebook and Twitter and apple you know see value in FedCM and in find ways to have their users represented in such a way that it can take there.
Samantha Matthews Chase: their accounts their Facebook and Twitter and if Apple accounts into websites.
Samantha Matthews Chase: We constructed FedCM such that it's not bound to Google as an identity provider because we know that the Federation is much larger than Google and we think that one of the things that we're excited about which I think has a big connection with CHAPI is that you know it's you know it's it's there's a reason why there's a NASCAR flag right the reason why there's an extra flag is because you know not all users are Facebook users not all users.
Samantha Matthews Chase: these are Google users.
Samantha Matthews Chase: Users have present themselves in one way or another in Choice here I think is it's a good thing to have right but that's our flag has become unsustainable because only so many identity providers can be shown in a four or five role of buttons but if we pretty Kate the if we predicate didn't ask her flag over a counselor you're logged into other two uses and it any provider then the NASCAR flag can be much larger almost like an.
Samantha Matthews Chase: 'not shelf like Amazon's play.
Samantha Matthews Chase: Have smaller identity providers show up in this list just because users are logged into them so that smaller identity providers can be in this list because it won't they want to be on the way of all the users just users of that at specific identity providers so once you once you may call identity providers kind of like conform and have a uniform interface then it means you can aggregating them in ways that you weren't able before.
Samantha Matthews Chase: right and this is what.
Samantha Matthews Chase: Like about you know you know preserving Federation but doing so in a way that can put you in a place that you wouldn't be able to reach before right so just because you can make the identity providers conform to a uniform interface it means that you can aggregate over them and that might give you the ability to do we've been calling this the multi-port in each provider account Chooser meaning that it's an account culture that can aggregate over all your identities.
<dave_longley> we might want to go to the queue soon before the topic changes too much
Samantha Matthews Chase: You know just just from a industry from a ecosystem perspective I talked a lot about the social widget like use cases which are largely OpenID but there's a there's a Master model deployment of SAML on the web for students that use their students identities IDs to access University academic resources you know if you.
Samantha Matthews Chase: you are students.
Samantha Matthews Chase: And you'll likely have your MIT or Stanford identity identity and because of that you're able to access things like academic journals for example so so SAML also parts of SAML also breaks or degrades gracefully in the absence third-party cookies and is expected to break more as it as browser vendors are making bigger and positions over tracking and so we're working with the SAML.
Samantha Matthews Chase: Community to find ways to.
Samantha Matthews Chase: You know move them away from this general purpose Primitives that are that are that are being you know under under constrained under attack and move them towards a place in which it's a more you know of a more identity specific place you know have in the browser know more about the users identity card such that this can this can be less less less prone to be I did immediately mitigations.
Samantha Matthews Chase: so SAML just takes.
Samantha Matthews Chase: Certain aspect of it seems work.
Samantha Matthews Chase: What's a finding that a lot of people have been using OpenID and OAuth to enable things that we've been calling this membership identity cards because the the ACT here isn't so much to log into Publishers but it's to just prove to just to bring your membership card such that you can unlock something so you know the before Twitter 44.
Samantha Matthews Chase: before the recent changes.
Samantha Matthews Chase: Twitter had this Twitter blue product that as a Twitter blue subscriber you were able to unlock ads on Publishers because you're a Twitter blue subscriber right and it relied on third-party cookies and but somebody act here isn't so much to log into the Atlantic the ACT here is to use your Twitter blue account on the Atlantic such that you can have an ad-free experience so so it's more fun.
Samantha Matthews Chase: kind of like I'm a member of a club kind of kind of kind of.
Samantha Matthews Chase: More so than necessarily that the user identity is being exchanged to the to the to the Atlantic which is similar to The SAML Proposition in that you're you're just you just want to unlock content as opposed to sign in okay now that I've been about the the sense of attributes Beyond Identity or things of things along the lines of driver's license and so on so.
Samantha Matthews Chase: so it's the case that.
Samantha Matthews Chase: Is that both OpenID and OAuth allow you to be expressive about the things that are exchanged between relying parties and identity providers right so well OAuth with OAuth Scopes and OpenID with the claims attribute you're able to say is a relying party you know I want only this many things from the from the identity provider this is extremely useful to us we think because we want to minimize that as much as possible right now FedCM is very constrained.
Samantha Matthews Chase: I'm in that it's.
Samantha Matthews Chase: Changing this thus for bits of information that you know the user's name email address perfect picture and user ID and we want to make it so that you can construct things such that the website can ask for fewer things right maybe they don't maybe don't need the users email address in order to continue or even perhaps more things like maybe they don't need the users email address for the elect the users phone number right all the way to things like perhaps just getting the.
Samantha Matthews Chase: the users age as opposed to the users email address so there's there's a.
Samantha Matthews Chase: A stream of.
Samantha Matthews Chase: Of Investigation which is which is looking into into selectively being able to disclose as little or as you as little information as necessary for you to get your job done.
Samantha Matthews Chase: Mike's this more or less called this is where I was.
Mike Prorock: It does and we've got a little bit of a q stacking up are you okay for some questions here.
Samantha Matthews Chase: If you don't mind I'd let me just finish the section and then I can I can stop at the section at the break of the section because I think I only have a couple more slides okay so just to just to wrap up this in a couple more slides into section here but one of the one of the kind of like you know browser mediated apis have their flaws you know you're always it's the accessibility Manifesto challenge.
Samantha Matthews Chase: no the trade-off between the.
<mprorock> question for later if we get to it - phone home... live query of who/which site is asking against the authorizer
Samantha Matthews Chase: Hi low level Primitives is a trade-off between accessibility expressivity and control but so so we are aware that you know FedCM will always be behind in terms of what it can express in comparison to HTML JavaScript and CSS but the trade-off to be to take allows us to because we take identity as a first class citizen right then we can use that information in places that would otherwise not be accessible typically to content so for.
Samantha Matthews Chase: sample the omnibox that URL bar is something that is protected as brown.
Samantha Matthews Chase: Mediated ux but because this is an identity specific flow then we can construct your ex that is otherwise not available to content some of the exploration that I like the most is to take identity and login status as a first class citizen right into much like you have a locking status indicator to your Chrome profile some of the expiration are most excited about is taking staking login status to the site as a first class citizen.
Samantha Matthews Chase: if you think about.
Samantha Matthews Chase: The web was constructed such that logging in is a user land construct right the web the browser doesn't know if you're logged in or website or not because cookies can express a variety of things so with this we would we would be able to provide user experiences that would otherwise not be possible another example of a few why that is otherwise inaccessible to content that wants you constrain it such that it can be constrained then then then it can be made accessible.
Samantha Matthews Chase: is autocomplete right autocomplete is a browser media Dux that only browsers have.
<mprorock> e.g. a state dmv seeing that a user visited planned parenthood and validated their age
Samantha Matthews Chase: Browsers I mean all the way the user stack right browser vendors and operating system vendors all the way to Hardware vendors but it's vertical stack that is operating on the user's behalf only gives access to these things you know in a way that is very narrow so here's one example where so I'm a big I'm a big guy I feel the pain of e-mail verification and phone number verification so I always come back to this use case but here here's one way in which perhaps you can have.
Samantha Matthews Chase: an email provider for example make a.
Samantha Matthews Chase: It's about email addresses for example or maybe phone up carriers can make verified assertions over phone numbers to and in doing so perhaps you know having the user skip a few steps as they are constructing their accounts alright perfect this is this is the perfect this is a good break let's look at the queue.
Mike Prorock: Awesome sounds good I think Ryan Grant is up first.
Ryan Grant: Okay this is an accessibility plea in support of include and exclude lists for turning this technology on and off / website and to related story I have a friend with severe visual impairment who also protects their personally identifying information carefully and offers generally very little trust to most websites this friend is a big fan of Little Snitch so they've previously.
Ryan Grant: obviously related to me.
Mike Prorock: +1 Thank you rgrant! huge topic and everyone forgets about it
Ryan Grant: They are always terrified that they will accidentally offer their identity to a website that they would prefer to not trust in any way because of the way that these requests pop up and I have also personally now noticed that I'm declining these dialogues multiple times per day due to the way I reset my pii when I engage with websites or kind of directed there from elsewhere but I have no intention to share my.
Ryan Grant: e with this website and so I am also.
Ryan Grant: Not to click that button and looking for the little button over in the corner it's like get away from sharing with somebody I don't want to share with and I feel I'm being judged in a then the wrong way so my question is to restate it what accessibility affordances such as an include and exclude list are being considered to help users like my friend and myself use the web as we prefer to thank you.
Samantha Matthews Chase: Yeah that's that's a wonderful question thanks for asking I think in many ways the the user agent or the browser is closer to following your interests in comparison to Identity providers this so I would expect that as we as we as as the as the user agent is able to inter mediate the The Exchange.
Samantha Matthews Chase: between identity providers in it reliable.
Samantha Matthews Chase: He's it's able to better represent your needs and your interests in the form of for example browser settings for example that it's able to disable this for all the websites you know or perhaps make them less less prominent in the UI or perhaps have more control over them so fat same right now does have some of these settings I can't say that it's probably won't meet your bar but I think from a trajectory and.
Samantha Matthews Chase: Direction perspective it's.
Samantha Matthews Chase: Actually speaking it's it's easier to have the one intermediator control over all the identity providers right in in representing your needs then to have all the identity providers do that by themselves or to regulation and so if I hear you and I believe that from a direction perspective we're going to be in a better place than we are with the status quo Heaven having these things be done in.
Samantha Matthews Chase: use our land as opposed to browser land.
Ryan Grant: I'm I'm not sure that I think you're saying having it done in user land instead of browser land will be better but I certainly have not seen things get better and I don't know where any of those related options are that I would need so I don't see them right now.
Samantha Matthews Chase: It was more of a trajectory and structs Architectural argument then a snapshot argument I think I think if you look at the ecosystem today you'll be right that the controls the browser vendors in the FED cm is exposed in aren't sufficient but I just wanted to say that I think that architecture Ali this is the better call because it would allow us to do so in a way that is more at scale than it was before so.
Ryan Grant: Thank you thank you I understand thanks.
Mike Prorock: Yeah and Sam by the way like my wife just as a random aside Works quite a bit with national Industries for the Blind and they're one of the larger you know employers for folks with visual impairments yourself as visually impaired and I can tell you firsthand like when we like I would encourage the team to just sit down with folks that actually are using screen readers on a day-to-day basis and what an engineer thinks is accessible versus what actually is is something.
Mike Prorock: that gets overlooked a lot and when we're talking about things as.
<brentz> big +1 Mike
Mike Prorock: It's a pretty big deal so awesome topic happy to Deep dive on accessibility in this stuff later and Ryan I did thank you very much for bringing that up Ted I see you on the queue.
<bumblefudge> 💗
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Yeah yeah I've got a couple I guess I'll just go with the first one first this is about till last sessions which are currently bound to a browser instance I can open up a TLS connection and authenticate with the the apis van.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): close my.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): My window don't quit the browser just close those items and somebody else can come to that shared workstation open a new window or Tab and they've got the same TLS session and so they've got my permission to cetera.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Currently there's a way to sort of tell the browser login and then.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Over that TLS connection authenticate as the actual user we've sort of patch that together with tools that open like software.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): It is a kludge because the browser's don't have the stuff built in and so we've had to do it by extension the primary one is uid.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I'm curious what whether this has been taken into consideration or not at this point.
Samantha Matthews Chase: Probably not to the extent that you're suggesting from a security threat model perspective access to the device is taken as SS s kind of like you know the well outside of the thread model physical access to the device I mean I'm not I can't say that I'm a security expert up if they're but if you have built an extension it means that there's something in the web platform this missing that you need access to.
Samantha Matthews Chase: so we should certainly follow up and I would love.
<yi_gu> re a11y:
Samantha Matthews Chase: To learn about what specifically you have built such that we can expose that on the web so yeah when we follow up and we can go from there.
<tallted> see https://youid.openlinksw.com/
Mike Prorock: Cool Ted is that good for a first one and then we'll roll to go Brent and then back all right cool bright.
BrentZ: Yeah I have a couple questions my first one with fed CM the does the ID provider still see everywhere that the user logs in or uses the membership card.
Samantha Matthews Chase: Yes yes that's correct it does but only after the user consents.
<tallted> also see https://medium.com/openlink-software-blog/verifiable-identity-controlled-by-you-at-web-scale-3d66399cb114
<tallted> also also https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73
Samantha Matthews Chase: So so so yes that is that is I want to say what I would call a compromise when it comes to backwards compatibility we like we like a lot of the design that you have picked the coupling holders from issuers such that you can keep the issuer's blind to the presentation but it's not the case that open ID and Samoa operates that way today so we made that compromising and substitute in order to make maintain backwards compatibility but it's not a property that we like.
Samantha Matthews Chase: and we're actively working on trying to raise the Privacy partner.
Samantha Matthews Chase: I just needed interest of time I still have about a third of the deck to go through is it okay if I use the last 15 minutes to do that or is there anyone else.
BrentZ: No the tech nine.
Mike Prorock: It put that I see you on the Q is with yeah yeah I think there's two additional questions can be rolled Ted then Brent.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): This is about that it may have been just covered I'm not sure I understood the answer to it my concern is along the lines of being a member of the Rebel Alliance who's logging into Galactic Empire site and I want to use my Galactic Empire identity and not expose my Rebel Alliance membership so this is partly a question of trusting that middleman is this.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): how distributed is this plant.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Years it built to be decentralized and distributed or is it confined to the browser vendors for that sort of thing.
Samantha Matthews Chase: I mean we do should we would have to get into the specifics to for me to actually answer that question in a concrete and constructive way but we know that Federation is something that is much bigger than any single browser vendor right and so it is we have we have we have constructed pet CM such that there's a passing which other browser vendors can use it to like Firefox and Safari but then in addition to that we also know that you can log into.
Samantha Matthews Chase: website you can log into net.
Samantha Matthews Chase: Over your desktop and then go through Android phone and use it to using Federation right and so we have constructed fed cm in such a way that we expect it to be something that is available not only across browser vendors but also across operating systems so so we expect it to be you know it's already desire for this to be pushed down into the stack all the way to operating systems such to Android iOS windows and Linux can can be that intermediator too.
Samantha Matthews Chase: so I don't know if that answers your questions but.
Samantha Matthews Chase: I it we certainly sir.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Almost it sounds like my personal laptop could serve as.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): The mediator which would allow me I think to be private or at least that would be the place where both my Rebel Alliance and Empire membership cards could be stored and I could choose clearly and not reveal to anybody else that I have those both membership cards.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): is that correct.
Ryan Grant: +1 For deeper OS integration. it does sound like a very safe level to operate on identity
Samantha Matthews Chase: Yeah that would be correct so so if your laptop is a Linux machine then yes I would expect Linux to support this at some point if your laptop is a Mac machine then yes I would expect Mac OS to support that at some point as well as Windows and it's going to be a long term play but yes we Something That We're much like we have often right if you think about the web often play strategy web often cannot succeed unless browser vendors and or prison vendors also supported so.
Samantha Matthews Chase: it could just cannot succeed unless Linux supports web often and windows.
Samantha Matthews Chase: Let's do it.
Mike Prorock: Awesome cool Brent.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Okay thank you.
BrentZ: All right so you said that the browser knows which idps the user is logged into which is cool it solves that NASCAR problem does that mean that the browser vendor also knows all of the different idps that the that the user has or is logged into or is it the local thing.
Samantha Matthews Chase: Oh so this will likely vary per browser vendor so but but but if you're locked out of the your browser then likely you're not storing that information back into the browser vendor as servers in fetch him specifically today I believe that if you are logged into Google into your browser we don't send any information back to Google servers so I think it's a local it's a local thing only.
Samantha Matthews Chase: they're Engineers on the call where.
Samantha Matthews Chase: Of first and smarter than myself that can maybe confirma tonight is on the chat but I believe that it yeah csee still it's one of the engineers but yes yeah I believe that the best of my knowledge it is something that is kept locally as opposed to synchronize across your devices.
Mike Prorock: Awesome alright we got about 10 minutes there you want to fire into the interest because I think there's some great collection points so.
<mprorock> ** starts up network sniffer **
Samantha Matthews Chase: This is likely the most interesting part I guess but it's also the least well-constructed one so stay with me a bit of a impromptu presentation here but yeah so let's let's just page back your memory this is what we have in in Chrome since 108 which was launched in November so it's still like in its infancy but this is what you have in production today that you can use right now if you wanted to as I said it sucks for a variety of reasons for one you can only use one identity provider at a time which kind of.
Samantha Matthews Chase: sucks for two like he has a lot of language here that is signing specific you know and so on.
Samantha Matthews Chase: But but here but I wanted to give you a sense of projection of the things that were working on that I think will have the connection with choppy so here so here's let's so the first exercise that I went through with Dimitri at iaw left iow what's to look at Champion fed cm in turn and try to compare and contrast we were both looking at this are like huh they seem to be they seem to look at they seem to be similar things here you know what are the commonalities what are the differences here so first.
Samantha Matthews Chase: you know I think it's important.
Samantha Matthews Chase: Both Champion fed CM operate as an intermediary between entities right in the charity case it's a it's a wallet selector in the FED same cases and account selector but both of them operates as a intermediate as a neutral intermediator to the user it's not an important detail but I just wanted to say that architecturally speaking chappie implements this in userland over off and but IO which is to be trusted whereas fed CM implements this in the browser but.
Samantha Matthews Chase: if you discuss an implementation detail I think Chuck it was designed such that it could find its way to browse.
Samantha Matthews Chase: So what you see here is a neutral intermediator that constrains the use two specific things like choosing wallets or choosing accounts it's also similar in many ways in that it connects in intermediates to different things to different these first in the case of chappie for issuance and for presentation you have the issuer and the verifier right saying like I want to start this or I want to get this right and so which is.
Samantha Matthews Chase: Advanced GM would call a relying party meaning that it's.
Samantha Matthews Chase: Say that once the users account right and then you also have in choppy this selector of wallets that you have register in the past of their do you have access to right and in fact seems formulation is what we call an identity provider right but if you look at the threat model here right someone in chappie said we should show the origin of the website which show the origin of the issues so playground the chapter that I owe that is not by.
Samantha Matthews Chase: mistake that it's there right that that is a critical thing.
Samantha Matthews Chase: And then also demo dot various wallet that Dev it's also not by mistake that that orange is over there because that is the threat model that you have I'll put aside the rest of the ux because I think it's easier to see the connection between the two now these are the commonalities perhaps a differences are like I said some of the language here right so for one chappie is you know it's presented to the user as a wallet selector whereas fed cm is predictably users an account selector in chappie you are able to have multiple wallets rights.
Samantha Matthews Chase: if that's him right now you can only pick accounts from a single identity provider like I said you have the wallet language.
Samantha Matthews Chase: Some of the.
Samantha Matthews Chase: Choices you know one is a modal dialog the others and all modal dialog chappie has a really interesting property of allowing what is to be registered as opposed to announced breastfed CM still operates in a model in which the relying party has to announce which I didn't provide is it won't work what's work with chappie can work with Native apps whereas potassium only works called providers okay but those are the differences but I wanted to give you a sense of the work that we're doing because I think that as we finish that work.
Samantha Matthews Chase: work a lot of these differences are going to be decreasing so for one we're working on this thing.
Samantha Matthews Chase: Identity provider API which allows you to which allows our website to say I can take accounts from all these many different identity providers so what you see here in the specific Mark is it's very subtle so apologies for just being hard to read here but you see accounts coming from fat see em that shit chappie wallet won't a glitched on me which is a different origin from web idea that fat CM that this glitch about me meaning that these are accounts coming from different Origins right just imagine these being Facebook and Google.
Samantha Matthews Chase: or Facebook and Twitter right but accounts from coming from multiple identity providers.
Samantha Matthews Chase: We have the.
Samantha Matthews Chase: Well behind a flag and we expect to watch this as soon as we can you see here a bit of a demo what that looks like you know it's probably hard to read but this is this is one way in which you can have an identity provider in addition to Google as an identity provider embedded within the same UI dialogue so you see that this is the Google account wasn't come was before okay so with that I think we crossed out one of the.
Samantha Matthews Chase: Frances that chappie has multiple wallets in 50m can have.
Samantha Matthews Chase: Just now multiply deep identity providers.
Samantha Matthews Chase: Another another API that we've been working on is something that we call the art P contacts API and that is an API that allows relying parties to be more explicit about what context the fat emui problem is being is being used so like I said to you before like with membership cards and at getting access to journals and so on you know signing in isn't the action of the users taking is so RPS want the control to you know just use language that's more appropriate so.
Samantha Matthews Chase: right now we have four different options that we implemented you can.
Samantha Matthews Chase: Language which is use use website with your identity provider or continue to website with your identity provider in addition to signing in in signing up so this gives our Peas the ability to you know just use different language in the dialogue and I think with that I think it's easy to kind of like incrementally add like a at wallet context or you know a % % credential kind of thing where.
Samantha Matthews Chase: we're we can move away.
Samantha Matthews Chase: Fans from the language of identity providers and signing in for language where you can connect with a wallet like language and with that I think we cross all of a bunch of differences to I wanted to show you two like a small prototype that we built for what we call the identity provider registry API but it's an API that looks a lot like if you ever use register protocol Handler it's a very similar API but it's an API that allows an identity provider to register itself it's.
Samantha Matthews Chase: to ask for the user's permission to be an identity provider and in doing so allows relying parties.
<orie> ha, register protocol handler.... https://github.com/whatwg/html/issues/5561
Samantha Matthews Chase: For any registered provider as opposed to having to name them so if you look at the developer console here the API was called in a way that the providers weren't named in that you didn't call for Google as an identity provider or Facebook is a knitted provider it presupposes that you have registered identity providers and that's really wonderful for a variety of reasons in that you can bring your own identity provider to websites but I think we'll see once we do that then it's isomorphic to wallet.
Samantha Matthews Chase: Okay so with that then we can I think we can also do well at registration so if you remove then all the differences then if you if you make a projection where it fits him is going to be like in a few in a few in a few quarters perhaps at the end of the year then it's likely that we're going to find fewer of these differences between champion and fed cm and so on can we only have a couple more minutes so I just wanted to perhaps and with.
<orie> See also https://github.com/whatwg/html/pull/5482
Samantha Matthews Chase: this with this like perhaps because I think it's perhaps the most goals concrete one to bring to this group here.
Samantha Matthews Chase: I just wanted to kind of like put it on there like Fitz can compete with cross arching tracking and cook third-party cookies and postmessage not with chappie per se so I think what I mean imagine is more like a chappie overfed CM like chappie using fed cm is a third party cookies more so than chappie fetch a meal replacement of chappie and for the large extent it would be wonderful if we could make things backwards compatible so what I mean imagine is more like trying to remove the the the.
Samantha Matthews Chase: the awkward parts of chappie being off that are your own interpreter.
Samantha Matthews Chase: Is our third particle.
Samantha Matthews Chase: Right but maintained and exchange that to fetch him calls but maintain backwards compatibility between wallets issues and verifier such that they don't have to know that that change happened okay I think I'm going to end here because I think I'm going to run all the time I'm not sure.
Mike Prorock: Yeah now we're right at the top and I think this is a great ending spot Manu I see you on you I'll let you get probably the second last word outside of my thanks so.
Dave Longley: +1 Thanks, Sam!
<harrison_tang> Thank you, Sam!!
Manu Sporny: Great thanks yeah just just add thank you Sam that was fantastic thank you for going through all of that and thank you for you know having the slides available so we can go back and review this is fantastic I think that the takeaway to the ccg or for the ccg is that you know there's active work on doing this kind of alignment we don't know if it's going to work out yet but it's headed in a great direction as same demonstrated we're trying to close the gap here.
Manu Sporny: we're in an able you know chappie to have more native.
<saumya> thanks Sam
Manu Sporny: It can call and ideally get to this point where we have you no choice of IDP choice of all its election that kind of thing still quite a bit to go to get there but I think it's great that the Chrome team you know and Sam has put together a plan on how we could possibly get there so thank you Sam for kind presenting again.
<anil_john_[us/dhs/svip]> Enabling Individuals the ability to control the selection of wallets is a HUGE +1 for me (and for DHS USCIS digital credential issuance)
<bumblefudge> thanks so much, Sam!
Mike Prorock: Yeah no this was excellent really really appreciate the time I think the ten thousand dollar question is you know can we get kind of native detached verifiable credential support via fed cm in some capacity in the future obviously yet to be seen but really really appreciate the time I think there's a huge amount of alignment and love the direction you guys are going I think it's I think you're asking a lot of the right questions and just once again really really.
Mike Prorock: appreciate this and just noting and Nils comments in the chat there.
Mike Prorock: There's a lot.
Mike Prorock: Use cases especially gov use cases for selection of wallets right can the user select where they are storing things and what they're actually disclosing and more of that older style model rather than the photo model so thanks again and once again just much appreciated so.
Samantha Matthews Chase: Absolutely thanks for having me.
Mike Prorock: Kill recording now.
Received on Friday, 27 January 2023 23:56:57 UTC