[MINUTES] W3C CCG Credentials CG Call - 2023-01-24

Thanks to Our Robot Overlords and Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-01-24/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-01-24/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2023-01-24

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jan&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Topics:
  1. Introductions and Reintroductions
  2. Announcements
  3. CHAPI over FedCM
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords and Our Robot Overlords
Present:
  Mike Prorock, Orie Steele, Jennie Meier, Samantha Matthews Chase, 
  Brian Richter, Harrison Tang, Chandi Cumaranatunge, Anil John, 
  Will, Sandy Aggarwal, Zachary Tan, Dave Longley, Phil L (P1), Yi 
  Gu, Manu Sporny, John Henderson, Alan Karp, Erica Connell, 
  Gregory Natran, Kimberly Linson, Paul Dietrich GS1, Matt Maggard, 
  Stuart Freeman, FedCM, TallTed // Ted Thibodeau (he/him) 
  (OpenLinkSw.com), Andrew Whitehead, Ryan Grant, BrentZ, Dmitri 
  Zagidulin, Joe Andrieu, Markus Sabadello, Andres, Nate Otto, 
  Kayode Ezike, John Kuo, julien fraichot, James Chartrand, Bryan 
  Luisana, Rebecca Busacca, Territorium, Jeff O - HumanOS, Kerri 
  Lemoie, Mahmoud Alkhraishi, Lucy Yang, David I. Lehn, Juan 
  Caballero, Bob Wyman, Rishi, Nikos Fotiou, Saumya, J Chao, Keith 
  Kowal, Ted Thibodeau

<orie> Hey Sam :)
Our Robot Overlords are scribing.
Mike Prorock:  See manner I see it said that it's started I saw 
  it may have started the transcriber.
Mike Prorock:  We stopped recording and try to restart it here.
Manu Sporny:  We could restart the bridge that will usually do it 
  before everyone else.
Our Robot Overlords are scribing.
Manu Sporny:  There we go.
Mike Prorock: 
  https://lists.w3.org/Archives/Public/public-credentials/2023Jan/0043.html
Mike Prorock:  All right awesome cool thank you all and welcome 
  to the public credentials good old ccg meeting for the week here 
  it is Tuesday January 24th just after 10:00 a.m. my time the 
  we're main topic for today is covering fed CM so Sam go to will 
  be talking through that topic so we'll be handing the ball over 
  to him.
Mike Prorock: \'A0 in a.
Mike Prorock: https://www.w3.org/Consortium/cepc/
Mike Prorock:  To talk about that which I am sure many of us have 
  interested just a quick reminder that this meeting as with all 
  meetings and business with w3c is covered under the code of 
  ethics and professional conduct we typically don't have issues 
  with that here but I do like to call that out I do also want to 
  note from an intellectual property standpoint that anyone can 
  participate in these calls however if you're actually 
  contributing in any way shape or form to Assisi.
Mike Prorock: \'A0 e work item you must be.
Mike Prorock: https://www.w3.org/community/credentials/join
Mike Prorock:  With an IPR agreement signed and it's pretty 
  reasonably straightforward and I'll put the link to join in if 
  you are not a member the we are taking a recording of this and it 
  will be posted to our GitHub we do also use the chat to Q so in 
  the chat or if you're connected to the IRC Bridge you can just 
  type Q followed by plus and it will add you to the Q the letter 
  q.
Mike Prorock: \'A0 q that is plus symbol or.
Mike Prorock:  Cue the minus symbol to remove yourself from the 
  queue we do try to keep things efficient here so do be mindful 
  that other folks may be queuing up I think the hand-raised 
  function is still Linked In nicely to queuing so just so you know 
  if you do pop your hand up I'm going to see it don't worry I am 
  moderating the chat and we'll call on folks as we get the good 
  natural break points for questions so with that I am going to 
  pause and just see if there's any.
Mike Prorock: \'A0 ins for anyone new to this call that has not.
Mike Prorock:  So call today and would like to introduce 
  themselves to the group or folks that have changed affiliations 
  or jobs and would like to let the community know.

Topic: Introductions and Reintroductions

<bryan_luisana> Hello, this is my first meeting.\'a0 I am the new 
  Director of Engineering for Transmute.
Mike Prorock:  Pause here and not seeing any I will note that 
  don't be shy if this is your first meeting you can always if you 
  queue up for instance say hey first meeting here and there's 
  plenty of friendly people here that are happy to intro you two 
  things you may or may not need to know about ccg with that any 
  announcements or reminders from the community any kind of key 
  topics folks should be aware of.
Mike Prorock:  Um oh and I do see an intro before we move into 
  that Brian you want to speak up do you see a new director of 
  engineering for transmute welcome to come off mute and say hi.
Bryan_Luisana: Hello can you hear me.
Bryan_Luisana: Yeah yeah just want to say hello this is obviously 
  my first meeting I started full-time work with transmute this 
  week and yeah and I'm working hand-in-hand to the Orient he asked 
  me to come in here to try to get acclimated to the community.
<manu_sporny> Welcome Bryan! :)
Dave Longley: +1 Welcome, Bryan!
<kerri_lemoie> Welcome Bryan!
Mike Prorock:  Awesome well great to have you and I enjoy 
  collaborating with Ori whenever I get the chance so you're in 
  good company and I could say the same pretty much with everyone 
  in the community here so it's a good crowd so great to have you 
  and looking forward to contributions over time as you get your 
  feet feet under you here.
Bryan_Luisana: Thanks a lot.
<anil_john_[us/dhs/svip]> Welcome Bryan!

Topic: Announcements

Mike Prorock:  All right with that any announcements from folks.
Mike Prorock:  Mr Man Who.
<anil_john_[us/dhs/svip]> LOL
Manu Sporny:  Thanks Mike just real quick a reminder that the 
  verifiable credentials working group meeting is coming up in 
  Miami and mid-February so if you have not booked your tickets and 
  stuff like that and you intended to go reminder that it is you 
  have to be a w3c member to attend or you have to be invited in by 
  the chairs much in the way vampires work so if you.
Manu Sporny: \'A0 you are coming make sure that.
Manu Sporny:  In the lined up that's it.
<phil_l_(p1)> @manu link to reg details?
Mike Prorock:  Yeah thanks thanks very much for that and the if I 
  can skip my wife's birthday for that meeting I am just going to 
  put that as that's should say the level of relative importance as 
  far as how I think that meanings going to go so I plan on being 
  there so I would encourage anyone who is able to join to do so 
  any other announcements before we move into the main agenda for 
  the day.
Mike Prorock: 
  https://lists.w3.org/Archives/Public/public-credentials/2023Jan/0069.html

Topic: CHAPI over FedCM

Mike Prorock:  I'm not seeing any we are going to pass it over to 
  mr. Sam to talk about fed CM I just put a link in the chat here 
  to the slides that man who thankfully sent out to the list here 
  so if you want to pull a copy of the slides you are welcome too 
  and with that Sam over to you.
<mprorock> All, i am watching Queue and will break in at 
  appropriate points for Q&A
Samantha Matthews Chase:  All right well thank you so much for 
  having me I'm super excited to be here man who came to the fella 
  dcg a couple weeks ago and it was just very we just had a 
  wonderful conversation there and so it felt like it was a good 
  time for me to to do the reverse and come to meet you all in the 
  get to know you all so I'm super excited about that my name is 
  senne go to I work at Google I've been at Google for a long time.
Samantha Matthews Chase: \'A0 I worked with mono in the past when 
  I was in Google search doing standards for.
Samantha Matthews Chase:  With Jason Aldean crawling the web and 
  I know a bunch of stuff in this call to so just wonderful to see 
  a lot of you all from the years that I've been involved in web 
  standards but for the last six years or so I came to the Chrome 
  team to do web standards for browsers as opposed to search 
  engines so that's what brings me here today so let me see if I 
  can present see if it can go from there.
Samantha Matthews Chase: \'A0 let's see.
Mike Prorock:  You are coming through so.
Mike Prorock:  Yep y'all good.
Samantha Matthews Chase:  Wonderful all right okay so so I meant 
  this more as a kind of like opening a conversation or so the 
  presentation is so feel free to you know stop me and just kick 
  off conversations as we go along you know the slides are just 
  mostly just a tree points for discussion more so than you know a 
  cohesive and coherent stream of thought is so please feel free to 
  just stop me at any time and and we can go from there.
Samantha Matthews Chase: \'A0 but if.
Samantha Matthews Chase:  Probably content enough for me to talk 
  over so I figured it may be useful for you all to get a sense of 
  what fetch him is in what context it was constructed in what 
  context is operates just kind of like a brief introduction you 
  know where it's at but also kind of get a sense of you know why 
  is it that we build it and where do we expect it to go what 
  opportunities are we excited about it so like a little bit of a 
  sense of.
Samantha Matthews Chase: \'A0 trajectory in the reason if in 
  trajectory is.
Samantha Matthews Chase:  I think you'll find that some of the 
  things that we're excited about I think has an intersection with 
  the things that this community is excited about it so I try to I 
  try to build like a list of shared interests or things that we 
  seem to be agreeing with each other or excited about to and then 
  just so that we are realistic about things also a list of things 
  that we may be intention about.
Samantha Matthews Chase: \'A0 there is it isn't a long list so.
Samantha Matthews Chase:  Hopefully hopefully what we can talk 
  about through these so with that then let me just get started so 
  sort of Court part presentation you know what's what's fed CM 
  introduction about it a bit of a we expect it to go and then how 
  I think there's an intersection with choppy and Perhaps Perhaps 
  the places in which there isn't an intersection choppy.
Samantha Matthews Chase: \'A0 okay so just.
Samantha Matthews Chase:  Section about fit CM any questions so 
  far anyone that's just seemed like a reasonable agenda.
Samantha Matthews Chase:  Cut cut cut you to ask questions in the 
  chat there will we have there there are few Engineers fxcm 
  Engineers on the call with so they may be able to to answer in 
  the queue okay okay so what's fat CM so I guess I guess most of 
  you are all of you are very well versed in the space here so 
  Federation needs no introduction to you all but just to.
Samantha Matthews Chase: \'A0 to contextualize things.
Samantha Matthews Chase:  Federation at least for Consumer 
  consumers being one of the two ways in which you can create 
  accounts with websites you know you can use usernames and 
  passwords or you can use Federation any using username passwords 
  are typically these are backed by e-mail verification or phone 
  number verification so at the core of like creating crania 
  Council website you have only these two mechanisms and in we and.
Samantha Matthews Chase: \'A0 while Federation has its 
  challenges.
Samantha Matthews Chase:  We think it has it has benefits over 
  usernames and passwords so it felt like something worth 
  preserving and maintaining on the web past keys are are evolving 
  a lot to and making usernames and passwords a lot better in many 
  ways it's so this is a moving Target but in and on itself we felt 
  like Federation is something that's worth it seemed like good for 
  the web.
Samantha Matthews Chase:  Or the contest go in which fat cm is in 
  is that Federation as as you will find CHAPI to was was built was 
  designed unintentionally on what browser vendors called low level 
  Primitives these are things like iframes third-party cookies and 
  redirects these are these are low level Primitives because their 
  general purpose the they are general purpose Primitives that can 
  be used for.
Samantha Matthews Chase: \'A0 or a variety of things and just by 
  accident one of the things that.
Samantha Matthews Chase:  Used and abused by the ecosystem is 
  cross-site tracking so cross sidetracking has become a problem on 
  the web and it's the large likely the most active area of 
  Investigation for for web browsers Safari and Firefox and chrome 
  all pushing very hard on preventing tracking on the web and what 
  in the big the big problem is that we call this the 
  classification problem.
Samantha Matthews Chase: \'A0 because as far as a web browser is 
  configured.
Samantha Matthews Chase:  It doesn't know the distinction between 
  tracking versus reasonable uses of vulnerable Primitives because 
  the smaller the classification problem because browsers are 
  having a hard time preventing tracking while maintaining and 
  preserving the valid uses of these Primitives one of which being 
  things like creating accounts or websites with third-party 
  identity providers.
Samantha Matthews Chase:  So you will see specifically in things 
  like chappie for example that uses these low-level Primitives you 
  know them being postmessage iframe third-party cookies and but 
  window pops the browser vendors are more and more trying to 
  constrain in and mitigate tracking and in doing so having an 
  effect unintended effect on values cases so for chapter 
  specifically.
Samantha Matthews Chase: \'A0 in the absence of third party 
  cookies.
<dave_longley> your interpretation is right, Sam
Samantha Matthews Chase:  Think correct me if I'm wrong this is 
  just my interpretation in understanding of chappie so please 
  please do correct me if I might interject interpretation is 
  incorrect here but much like other places in Federation in the 
  absence third-party cookies the protocols that they great they 
  degrade gracefully invite the grading I mean that they lead to an 
  to a user experience that is suboptimal in this specific case you 
  know chappie opens a pop-up window is opposed.
Samantha Matthews Chase: \'A0 so an iframe because pop-up window.
Samantha Matthews Chase:  Are loaded as first-party context as 
  opposed to third-party context and in doing so it has access to 
  first-party cookies but in doing so also you know it also exposes 
  the user unnecessarily to authn.io which is a mediator but it's 
  permitted it's mostly a something that is to be kept you know you 
  know I'll wait outside of what the user needs to know but because 
  pop up.
Samantha Matthews Chase: \'A0 Windows do take.
Samantha Matthews Chase:  The page that that's something that 
  they used is exposed not only from a kind of like user experience 
  perspective but also like the pop-up window per se is probably 
  more disruptive than an iframe by gracefully I mean that why do 
  it degrades it kind of still works it's not like it's the end of 
  the world it partially works and so this is choppy specifically 
  Federation open ID connect and Samuel specifically also the great 
  gracefully and for the most part also work but.
Samantha Matthews Chase: \'A0 break enough that it's worth 
  looking into in providing alternatives to Turf.
<manu_sporny> Yes, great summary of the challenge, Sam.
Samantha Matthews Chase:  That that would perhaps make this 
  process a little bit better so that's the context in which fed cm 
  is in the context in which fed cm is in is that browser vendors 
  are making interventions on third-party cookies and cross-site 
  communication and in doing so it's causing pain for deployment of 
  federation so what phet SIM is is its high level I did you.
Samantha Matthews Chase: \'A0 Eric Brown cherry pie so it's a.
Samantha Matthews Chase:  I but it's one that makes a trade-off 
  between extensibility and control so it's not as expressive as 
  third-party cookies in iframes and postmessage this less 
  expressive than that but it's but because of because it's able to 
  narrow the the language and expressivity it's able to offer the 
  user more control so so so fat Sam is a web platform API so so 
  think of it as an alternative to you know third-party cookies of 
  purpose message.
Samantha Matthews Chase: \'A0 we have always thought of FedCM as 
  kind of like this choose.
Samantha Matthews Chase:  Play meaning that you know it's a it's 
  first and foremost the preservation play you know meaning that 
  there are things in the ecosystem that exists that should be 
  preserved and we don't want it to break so open a disconnect and 
  Sam was specifically their parts of it you know where you have 
  billions of users using it to like from Channel log out or other 
  things that you know these are things that are worth preserving 
  because we don't want to steer users towards usernames and 
  passwords.
Samantha Matthews Chase: \'A0 especially acquiring global global 
  email.
Samantha Matthews Chase:  So there's this there's much to be 
  preserved here but then we always thought that in the process of 
  preservation in the process of making so that we're not breaking 
  the things that exist it would be good to make it so that you 
  know once we take that step it allows us to do things that we 
  wouldn't be able to do otherwise their Federation has massive 
  amount of problems and we thought that maybe by introducing the 
  browser as a neutral intermediator that maybe it would enable 
  things to be.
Samantha Matthews Chase: \'A0 done that wasn't possible.
Samantha Matthews Chase:  The most concrete example is the Nazca 
  flag problem that's got a flag problem with you're all very 
  familiar with because chappie you know it's it's a problem that 
  requires a neutral intermediator you know in your case you'll be 
  invented often dot IO but in fact CM we've constructed that in 
  the browser itself so that it's because they do you don't have to 
  introduce a new origin but it can only be done right because you 
  because you have this neutral party that.
Samantha Matthews Chase: \'A0 it allows identity providers to 
  coordinate.
Samantha Matthews Chase:  That's a bit abstract so I need to turn 
  that into something concrete so but this is precisely concretely 
  what fat skin is actually in production today if you try it so if 
  you went to Chrome stable right if you're using Chrome or very or 
  variant of chrome then it's likely that you will start seeing 
  some of these account Chooser widgets that allows you to log into 
  websites with your identity provider accounts in this specific 
  case.
Samantha Matthews Chase: \'A0 is recipe website.com being a 
  relying party.
<mprorock> shades of what SAML wanted to be
Samantha Matthews Chase:  Being the identity provider but here 
  you see kind of like a brochure mediated you I come in from the 
  bottom you know suggesting your Google accounts to log into 
  recipe website you can pick one of them and it looks like an 
  account Chooser it's partially is and it's constructing such a 
  way that the identity provider doesn't learn about the user going 
  to recipe website up until the point in which the user clicks 
  continuous Eliza meaning that.
Samantha Matthews Chase: \'A0 that it cannot be abused track 
  users over the web.
Samantha Matthews Chase:  This is what it looks like on desktop 
  so so you know it's it doesn't take a lot of imagination you know 
  looks like an account shows are coming up from the from the top 
  this is what it looks like in production so we ran experiments 
  and production experiments with actual websites here you see 
  Peterson Canada and google.com in production but this is what the 
  user experience is more or less like this is what you should use.
Samantha Matthews Chase: \'A0 you're going to start seeing as 
  Google sign in and pin.
Samantha Matthews Chase:  The website start running up we expect 
  that to be done in the next year or so your preparation for the 
  deprecated or party cookies but you know it looks more or less 
  like an account Chooser that pops up for the bottom or from the 
  top right and then you picking one of those accounts you are able 
  to sign into Pinterest.
Samantha Matthews Chase:  Have you all so far.
<manu_sporny> Yes, all good!
Samantha Matthews Chase:  Any any any questions.
<orie> amazing!
Dave Longley: +1 Following along, great presentation.
Mike Prorock:  Very much so I'm not seeing anyone on the Queue 
  but I did have a question I was just about to keep myself to ask 
  you know one of the things you mentioned around 
  privacy-preserving was like oh and then they don't know who you 
  are until you click continue right do you have a mechanism to 
  cover cases where you may want to just signify that the user was 
  say of age or authenticated or some other flag without.
Mike Prorock: \'A0 feeling any other information.
Mike Prorock:  Because this is something that's come up with like 
  I'm thinking of like state of Louisiana legislation recently and 
  some other areas are you looking at those use cases as well or is 
  it primarily to authenticate and actually attached to a user 
  profile for instance.
Mike Prorock:  Excellent perfect well the areola.
Samantha Matthews Chase:  Oh that's a perfect segue to the to the 
  to the the next few slides yeah that's so let me let me save that 
  answer to the next was like sorry I did I get that uh perhaps 
  Dave had a question.
Samantha Matthews Chase: \'A0 I'll just.
Samantha Matthews Chase:  Along other shoes just continue okay 
  okay okay so yeah that's that's what I'm glad that I've connected 
  the flights in a good way then because that will precisely give 
  us that that's precisely what I will go over forward so perhaps 
  the first observation to be made here in terms of trajectory is 
  that we think of fed CM we used to call this web ID and 
  internally large extent we still call this web identity but we 
  think of web identity.
Samantha Matthews Chase: \'A0 T identity as a thing.
<mprorock> gonna let the "where we going" slides roll and then 
  start running through queue
Samantha Matthews Chase:  No to authentication and we like that 
  there are two apis that have did that they do what their name say 
  that they do meaning that we have web often who is just making 
  wonderful progress towards authenticating users to the web in an 
  extremely privacy-preserving way and extremely Safe Way with 
  passkeys and public-private crypto right so we are seeing just.
Samantha Matthews Chase: \'A0 that web often wasn't up until.
Samantha Matthews Chase:  As recoverable as Federation so 
  Federation bundled both on identification as well as 
  identification so it is the case that Federation today is used 
  for signing into websites but if I had to make a projection I 
  would expect a lot of the signing into websites with we 
  Federation to move towards a more secure and private mechanisms 
  such as passkeys so you know we were.
Samantha Matthews Chase: \'A0 working really hard and this is I'm 
  not a direct.
Samantha Matthews Chase:  To web often but I'm within the group 
  that is but we I can say collectively like we're working really 
  hard as browser vendors to make web often extremely successful 
  right it has all the right properties when it comes to 
  authentication and creating and creating accounts websites 
  meaning you know like it discloses as little as possible from the 
  user right it doesn't share the users email or Globe identifiers 
  you know the private keys are directed you know public/private 
  key cryptography.
Samantha Matthews Chase: \'A0 much better than most things 
  combined and it's the user experience is seamless in.
Samantha Matthews Chase:  Wonderful because it's proportional to 
  the amount of risk that users taking right so the first 
  separation perhaps to be made which I think is useful is to know 
  that from a projection perspective we expect and want web off and 
  succeed in allowing users to create a council websites and we 
  expect web identity to to deal with with with with your identity 
  so just that separation is a we.
Samantha Matthews Chase: \'A0 acted to be important as we go 
  along now.
Samantha Matthews Chase:  It's a bit too abstract so let me try 
  to make this into a little bit more concrete so first right like 
  the you creating user names and passwords it's always predicated 
  on something as recoverable as as an email address verification 
  or phone number verification I'm also the editor for web OTP that 
  does this verification phone numbers and email addresses but the 
  but the the idea.
Samantha Matthews Chase:  Fetch him to be something that allows 
  you to express yourself in many different ways so so obviously 
  Federation is much larger than Google itself as you all know it 
  was probably actually the second or third identity provider so 
  you know we're working hard to make it so that identity providers 
  like Facebook and Twitter and apple you know see value in fat cm 
  and in find ways to have their users represented in such a way 
  that it can take there.
Samantha Matthews Chase: \'A0 their accounts their Facebook and 
  Twitter and if Apple accounts into websites.
Samantha Matthews Chase:  We constructed fetch him such that it's 
  not bound to Google as an identity provider because we know that 
  the Federation is much larger than Google and we think that one 
  of the things that we're excited about which I think has a big 
  connection with choppy is that you know it's you know it's it's 
  there's a reason why there's a NASCAR flag right the reason why 
  there's an extra flag is because you know not all users are 
  Facebook users not all users.
Samantha Matthews Chase: \'A0 these are Google users.
Samantha Matthews Chase:  Users have present themselves in one 
  way or another in Choice here I think is it's a good thing to 
  have right but that's our flag has become unsustainable because 
  only so many identity providers can be shown in a four or five 
  role of buttons but if we pretty Kate the if we predicate didn't 
  ask her flag over a counselor you're logged into other two uses 
  and it any provider then the Nazca flat can be much larger almost 
  like an.
Samantha Matthews Chase: \'A0 'not shelf like Amazon's play.
Samantha Matthews Chase:  Have smaller identity providers show up 
  in this list just because users are logged into them so that 
  smaller identity providers can be in this list because it won't 
  they want to be on the way of all the users just users of that at 
  specific identity providers so once you once you may call 
  identity providers kind of like conform and have a uniform 
  interface then it means you can aggregating them in ways that you 
  weren't able before.
Samantha Matthews Chase: \'A0 right and this is what.
Samantha Matthews Chase:  Like about you know you know preserving 
  Federation but doing so in a way that can put you in a place that 
  you wouldn't be able to reach before right so just because you 
  can make the identity providers conform to a uniform interface it 
  means that you can aggregate over them and that might give you 
  the ability to do we've been calling this the multi-port in each 
  provider account Chooser meaning that it's an account culture 
  that can aggregate over all your identities.
<dave_longley> we might want to go to the queue soon before the 
  topic changes too much
Samantha Matthews Chase:  You know just just from a industry from 
  a ecosystem perspective I talked a lot about the social widget 
  like use cases which are largely open ID but there's a there's a 
  Master model deployment of sam'l on the web for students that use 
  their students identities IDs to access University academic 
  resources you know if you.
Samantha Matthews Chase: \'A0 you are students.
Samantha Matthews Chase:  And you'll likely have your MIT or 
  Stanford identity identity and because of that you're able to 
  access things like academic journals for example so so Samuel 
  also parts of sam'l also breaks or degrades gracefully in the 
  absence third-party cookies and is expected to break more as it 
  as browser vendors are making bigger and positions over tracking 
  and so we're working with the salmon.
Samantha Matthews Chase: \'A0 Community to find ways to.
Samantha Matthews Chase:  You know move them away from this 
  general purpose Primitives that are that are that are being you 
  know under under constrained under attack and move them towards a 
  place in which it's a more you know of a more identity specific 
  place you know have in the browser know more about the users 
  identity card such that this can this can be less less less prone 
  to be I did immediately mitigations.
Samantha Matthews Chase: \'A0 so Samuel just takes.
Samantha Matthews Chase:  Certain aspect of it seems work.
Samantha Matthews Chase:  What's a finding that a lot of people 
  have been using open ID and an auto-off to enable things that 
  we've been calling this membership identity cards because the the 
  ACT here isn't so much to log into Publishers but it's to just 
  prove to just to bring your membership card such that you can 
  unlock something so you know the before Twitter 44.
Samantha Matthews Chase: \'A0 before the recent changes.
Samantha Matthews Chase:  Twitter had this Twitter blue product 
  that as a Twitter blue subscriber you were able to unlock ads on 
  Publishers because you're a Twitter blue subscriber right and it 
  relied on third-party cookies and but somebody act here isn't so 
  much to log into the Atlantic the ACT here is to use your Twitter 
  blue account on the Atlantic such that you can have an ad-free 
  experience so so it's more fun.
Samantha Matthews Chase: \'A0 kind of like I'm a member of a club 
  kind of kind of kind of.
Samantha Matthews Chase:  More so than necessarily that the user 
  identity is being exchanged to the to the to the Atlantic which 
  is similar to The sam'l Proposition in that you're you're just 
  you just want to unlock content as opposed to sign in okay now 
  that I've been about the the sense of attributes Beyond Identity 
  or things of things along the lines of driver's license and so on 
  so.
Samantha Matthews Chase: \'A0 so it's the case that.
Samantha Matthews Chase:  Is that both open ID and off allow you 
  to be expressive about the things that are exchanged between 
  relying parties and identity providers right so well off with off 
  Scopes and open ID with the claims attribute you're able to say 
  is a relying party you know I want only this many things from the 
  from the identity provider this is extremely useful to us we 
  think because we want to minimize that as much as possible right 
  now Fat Sam is very constrained.
Samantha Matthews Chase: \'A0 I'm in that it's.
Samantha Matthews Chase:  Changing this thus for bits of 
  information that you know the user's name email address perfect 
  picture and user ID and we want to make it so that you can 
  construct things such that the website can ask for fewer things 
  right maybe they don't maybe don't need the users email address 
  in order to continue or even perhaps more things like maybe they 
  don't need the users email address for the elect the users phone 
  number right all the way to things like perhaps just getting the.
Samantha Matthews Chase: \'A0 the users age as opposed to the 
  users email address so there's there's a.
Samantha Matthews Chase:  A stream of.
Samantha Matthews Chase:  Of Investigation which is which is 
  looking into into selectively being able to disclose as little or 
  as you as little information as necessary for you to get your job 
  done.
Samantha Matthews Chase:  Mike's this more or less called this is 
  where I was.
Mike Prorock:  It does and we've got a little bit of a q stacking 
  up are you okay for some questions here.
Samantha Matthews Chase:  If you don't mind I'd let me just 
  finish the section and then I can I can stop at the section at 
  the break of the section because I think I only have a couple 
  more slides okay so just to just to wrap up this in a couple more 
  slides into section here but one of the one of the kind of like 
  you know browser mediated apis have their flaws you know you're 
  always it's the accessibility Manifesto challenge.
Samantha Matthews Chase: \'A0 no the trade-off between the.
<mprorock> question for later if we get to it - phone home... 
  live query of who/which site is asking against the authorizer
Samantha Matthews Chase:  Hi low level Primitives is a trade-off 
  between accessibility expressivity and control but so so we are 
  aware that you know if it's him will always be behind in terms of 
  what it can express in comparison to HTML JavaScript and CSS but 
  the trade-off to be to take allows us to because we take identity 
  as a first class citizen right then we can use that information 
  in places that would otherwise not be accessible typically to 
  content so for.
Samantha Matthews Chase: \'A0 sample the omnibox that URL bar is 
  something that is protected as brown.
Samantha Matthews Chase:  Mediated ux but because this is an 
  identity specific flow then we can construct your ex that is 
  otherwise not available to content some of the exploration that I 
  like the most is to take identity and login status as a first 
  class citizen right into much like you have a locking status 
  indicator to your Chrome profile some of the expiration are most 
  excited about is taking staking login status to the site as a 
  first class citizen.
Samantha Matthews Chase: \'A0 if you think about.
Samantha Matthews Chase:  The web was constructed such that 
  logging in is a user land construct right the web the browser 
  doesn't know if you're logged in or website or not because 
  cookies can express a variety of things so with this we would we 
  would be able to provide user experiences that would otherwise 
  not be possible another example of a few why that is otherwise 
  inaccessible to content that wants you constrain it such that it 
  can be constrained then then then it can be made accessible.
Samantha Matthews Chase: \'A0 is autocomplete right autocomplete 
  is a browser media Dux that only browsers have.
<mprorock> e.g. a state dmv seeing that a user visited planned 
  parenthood and validated their age
Samantha Matthews Chase:  Browsers I mean all the way the user 
  stack right browser vendors and operating system vendors all the 
  way to Hardware vendors but it's vertical stack that is operating 
  on the user's behalf only gives access to these things you know 
  in a way that is very narrow so here's one example where so I'm a 
  big I'm a big guy I feel the pain of e-mail verification and 
  phone number verification so I always come back to this use case 
  but here here's one way in which perhaps you can have.
Samantha Matthews Chase: \'A0 an email provider for example make 
  a.
Samantha Matthews Chase:  It's about email addresses for example 
  or maybe phone up carriers can make verified assertions over 
  phone numbers to and in doing so perhaps you know having the user 
  skip a few steps as they are constructing their accounts alright 
  perfect this is this is the perfect this is a good break let's 
  look at the queue.
Mike Prorock:  Awesome sounds good I think Ryan Grant is up 
  first.
Ryan Grant:  Okay this is an accessibility plea in support of 
  include and exclude lists for turning this technology on and off 
  / website and to related story I have a friend with severe visual 
  impairment who also protects their personally identifying 
  information carefully and offers generally very little trust to 
  most websites this friend is a big fan of little snitch so 
  they've previously.
Ryan Grant: \'A0 obviously related to me.
Mike Prorock: +1 Thank you rgrant! huge topic and everyone 
  forgets about it
Ryan Grant:  They are always terrified that they will 
  accidentally offer their identity to a website that they would 
  prefer to not trust in any way because of the way that these 
  requests pop up and I have also personally now noticed that I'm 
  declining these dialogues multiple times per day due to the way I 
  reset my pii when I engage with websites or kind of directed 
  there from elsewhere but I have no intention to share my.
Ryan Grant: \'A0 e with this website and so I am also.
Ryan Grant:  Not to click that button and looking for the little 
  button over in the corner it's like get away from sharing with 
  somebody I don't want to share with and I feel I'm being judged 
  in a then the wrong way so my question is to restate it what 
  accessibility affordances such as an include and exclude list are 
  being considered to help users like my friend and myself use the 
  web as we prefer to thank you.
Samantha Matthews Chase:  Yeah that's that's a wonderful question 
  thanks for asking I think in many ways the the user agent or the 
  browser is closer to following your interests in comparison to 
  Identity providers this so I would expect that as we as we as as 
  the as the user agent is able to inter mediate the The Exchange.
Samantha Matthews Chase: \'A0 between identity providers in it 
  reliable.
Samantha Matthews Chase:  He's it's able to better represent your 
  needs and your interests in the form of for example browser 
  settings for example that it's able to disable this for all the 
  websites you know or perhaps make them less less prominent in the 
  UI or perhaps have more control over them so fat same right now 
  does have some of these settings I can't say that it's probably 
  won't meet your bar but I think from a trajectory and.
Samantha Matthews Chase: \'A0 Direction perspective it's.
Samantha Matthews Chase:  Actually speaking it's it's easier to 
  have the one intermediator control over all the identity 
  providers right in in representing your needs then to have all 
  the identity providers do that by themselves or to regulation and 
  so if I hear you and I believe that from a direction perspective 
  we're going to be in a better place than we are with the status 
  quo Heaven having these things be done in.
Samantha Matthews Chase: \'A0 use our land as opposed to browser 
  land.
Ryan Grant:  I'm I'm not sure that I think you're saying having 
  it done in user land instead of browser land will be better but I 
  certainly have not seen things get better and I don't know where 
  any of those related options are that I would need so I don't see 
  them right now.
Samantha Matthews Chase:  It was more of a trajectory and structs 
  Architectural argument then a snapshot argument I think I think 
  if you look at the ecosystem today you'll be right that the 
  controls the browser vendors in the FED cm is exposed in aren't 
  sufficient but I just wanted to say that I think that 
  architecture Ali this is the better call because it would allow 
  us to do so in a way that is more at scale than it was before so.
Ryan Grant:  Thank you thank you I understand thanks.
Mike Prorock:  Yeah and Sam by the way like my wife just as a 
  random aside Works quite a bit with national Industries for the 
  Blind and they're one of the larger you know employers for folks 
  with visual impairments yourself as visually impaired and I can 
  tell you firsthand like when we like I would encourage the team 
  to just sit down with folks that actually are using screen 
  readers on a day-to-day basis and what an engineer thinks is 
  accessible versus what actually is is something.
Mike Prorock: \'A0 that gets overlooked a lot and when we're 
  talking about things as.
<brentz> big +1 Mike
Mike Prorock:  It's a pretty big deal so awesome topic happy to 
  Deep dive on accessibility in this stuff later and Ryan I did 
  thank you very much for bringing that up Ted I see you on the 
  queue.
<bumblefudge> \uc0\u55357 \u56471 
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Yeah yeah 
  I've got a couple I guess I'll just go with the first one first 
  this is about till last sessions which are currently bound to a 
  browser instance I can open up a TLS connection and authenticate 
  with the the apis van.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com):\'a0 close my.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): My window 
  don't quit the browser just close those items and somebody else 
  can come to that shared workstation open a new window or Tab and 
  they've got the same TLS session and so they've got my permission 
  to cetera.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Currently 
  there's a way to sort of tell the browser login and then.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Over that TLS 
  connection authenticate as the actual user we've sort of patch 
  that together with tools that open like software.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): It is a 
  kludge because the browser's don't have the stuff built in and so 
  we've had to do it by extension the primary one is uid.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I'm curious 
  what whether this has been taken into consideration or not at 
  this point.
Samantha Matthews Chase:  Probably not to the extent that you're 
  suggesting from a security threat model perspective access to the 
  device is taken as SS s kind of like you know the well outside of 
  the thread model physical access to the device I mean I'm not I 
  can't say that I'm a security expert up if they're but if you 
  have built an extension it means that there's something in the 
  web platform this missing that you need access to.
Samantha Matthews Chase: \'A0 so we should certainly follow up 
  and I would love.
<yi_gu> re a11y:
Samantha Matthews Chase:  To learn about what specifically you 
  have built such that we can expose that on the web so yeah when 
  we follow up and we can go from there.
<tallted> see https://youid.openlinksw.com/
Mike Prorock:  Cool Ted is that good for a first one and then 
  we'll roll to go Brent and then back all right cool bright.
BrentZ: Yeah I have a couple questions my first one with fed CM 
  the does the ID provider still see everywhere that the user logs 
  in or uses the membership card.
Samantha Matthews Chase:  Yes yes that's correct it does but only 
  after the user consents.
<tallted> also see 
  https://medium.com/openlink-software-blog/verifiable-identity-controlled-by-you-at-web-scale-3d66399cb114
<tallted> also also 
  https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73
Samantha Matthews Chase:  So so so yes that is that is I want to 
  say what I would call a compromise when it comes to backwards 
  compatibility we like we like a lot of the design that you have 
  picked the coupling holders from issuers such that you can keep 
  the issuer's blind to the presentation but it's not the case that 
  open ID and Samoa operates that way today so we made that 
  compromising and substitute in order to make maintain backwards 
  compatibility but it's not a property that we like.
Samantha Matthews Chase: \'A0 and we're actively working on 
  trying to raise the Privacy partner.
Samantha Matthews Chase:  I just needed interest of time I still 
  have about a third of the deck to go through is it okay if I use 
  the last 15 minutes to do that or is there anyone else.
BrentZ: No the tech nine.
Mike Prorock:  It put that I see you on the Q is with yeah yeah I 
  think there's two additional questions can be rolled Ted then 
  Brent.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): This is about 
  that it may have been just covered I'm not sure I understood the 
  answer to it my concern is along the lines of being a member of 
  the Rebel Alliance who's logging into Galactic Empire site and I 
  want to use my Galactic Empire identity and not expose my Rebel 
  Alliance membership so this is partly a question of trusting that 
  middleman is this.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com):\'a0 how 
  distributed is this plant.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Years it 
  built to be decentralized and distributed or is it confined to 
  the browser vendors for that sort of thing.
Samantha Matthews Chase:  I mean we do should we would have to 
  get into the specifics to for me to actually answer that question 
  in a concrete and constructive way but we know that Federation is 
  something that is much bigger than any single browser vendor 
  right and so it is we have we have we have constructed pet CM 
  such that there's a passing which other browser vendors can use 
  it to like Firefox and Safari but then in addition to that we 
  also know that you can log into.
Samantha Matthews Chase: \'A0 website you can log into net.
Samantha Matthews Chase:  Over your desktop and then go through 
  Android phone and use it to using Federation right and so we have 
  constructed fed cm in such a way that we expect it to be 
  something that is available not only across browser vendors but 
  also across operating systems so so we expect it to be you know 
  it's already desire for this to be pushed down into the stack all 
  the way to operating systems such to Android iOS windows and 
  Linux can can be that intermediator too.
Samantha Matthews Chase: \'A0 so I don't know if that answers 
  your questions but.
Samantha Matthews Chase:  I it we certainly sir.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Almost it 
  sounds like my personal laptop could serve as.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): The mediator 
  which would allow me I think to be private or at least that would 
  be the place where both my Rebel Alliance and Empire membership 
  cards could be stored and I could choose clearly and not reveal 
  to anybody else that I have those both membership cards.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com):\'a0 is that 
  correct.
Ryan Grant: +1 For deeper OS integration.\'a0 it does sound like 
  a very safe level to operate on identity
Samantha Matthews Chase:  Yeah that would be correct so so if 
  your laptop is a Linux machine then yes I would expect Linux to 
  support this at some point if your laptop is a Mac machine then 
  yes I would expect Mac OS to support that at some point as well 
  as Windows and it's going to be a long term play but yes we 
  Something That We're much like we have often right if you think 
  about the web often play strategy web often cannot succeed unless 
  browser vendors and or prison vendors also supported so.
Samantha Matthews Chase: \'A0 it could just cannot succeed unless 
  Linux supports web often and windows.
Samantha Matthews Chase:  Let's do it.
Mike Prorock:  Awesome cool Brent.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Okay thank 
  you.
BrentZ: All right so you said that the browser knows which idps 
  the user is logged into which is cool it solves that NASCAR 
  problem does that mean that the browser vendor also knows all of 
  the different idps that the that the user has or is logged into 
  or is it the local thing.
Samantha Matthews Chase:  Oh so this will likely vary per browser 
  vendor so but but but if you're locked out of the your browser 
  then likely you're not storing that information back into the 
  browser vendor as servers in fetch him specifically today I 
  believe that if you are logged into Google into your browser we 
  don't send any information back to Google servers so I think it's 
  a local it's a local thing only.
Samantha Matthews Chase: \'A0 they're Engineers on the call 
  where.
Samantha Matthews Chase:  Of first and smarter than myself that 
  can maybe confirma tonight is on the chat but I believe that it 
  yeah csee still it's one of the engineers but yes yeah I believe 
  that the best of my knowledge it is something that is kept 
  locally as opposed to synchronize across your devices.
Mike Prorock:  Awesome alright we got about 10 minutes there you 
  want to fire into the interest because I think there's some great 
  collection points so.
<mprorock> ** starts up network sniffer **
Samantha Matthews Chase:  This is likely the most interesting 
  part I guess but it's also the least well-constructed one so stay 
  with me a bit of a impromptu presentation here but yeah so let's 
  let's just page back your memory this is what we have in in 
  Chrome since 108 which was launched in November so it's still 
  like in its infancy but this is what you have in production today 
  that you can use right now if you wanted to as I said it sucks 
  for a variety of reasons for one you can only use one identity 
  provider at a time which kind of.
Samantha Matthews Chase: \'A0 sucks for two like he has a lot of 
  language here that is signing specific you know and so on.
Samantha Matthews Chase:  But but here but I wanted to give you a 
  sense of projection of the things that were working on that I 
  think will have the connection with choppy so here so here's 
  let's so the first exercise that I went through with Dimitri at 
  iaw left iow what's to look at Champion fed cm in turn and try to 
  compare and contrast we were both looking at this are like huh 
  they seem to be they seem to look at they seem to be similar 
  things here you know what are the commonalities what are the 
  differences here so first.
Samantha Matthews Chase: \'A0 you know I think it's important.
Samantha Matthews Chase:  Both Champion fed CM operate as an 
  intermediary between entities right in the charity case it's a 
  it's a wallet selector in the FED same cases and account selector 
  but both of them operates as a intermediate as a neutral 
  intermediator to the user it's not an important detail but I just 
  wanted to say that architecturally speaking chappie implements 
  this in userland over off and but IO which is to be trusted 
  whereas fed CM implements this in the browser but.
Samantha Matthews Chase: \'A0 if you discuss an implementation 
  detail I think Chuck it was designed such that it could find its 
  way to browse.
Samantha Matthews Chase:  So what you see here is a neutral 
  intermediator that constrains the use two specific things like 
  choosing wallets or choosing accounts it's also similar in many 
  ways in that it connects in intermediates to different things to 
  different these first in the case of chappie for issuance and for 
  presentation you have the issuer and the verifier right saying 
  like I want to start this or I want to get this right and so 
  which is.
Samantha Matthews Chase: \'A0 Advanced GM would call a relying 
  party meaning that it's.
Samantha Matthews Chase:  Say that once the users account right 
  and then you also have in choppy this selector of wallets that 
  you have register in the past of their do you have access to 
  right and in fact seems formulation is what we call an identity 
  provider right but if you look at the threat model here right 
  someone in chappie said we should show the origin of the website 
  which show the origin of the issues so playground the chapter 
  that I owe that is not by.
Samantha Matthews Chase: \'A0 mistake that it's there right that 
  that is a critical thing.
Samantha Matthews Chase:  And then also demo dot various wallet 
  that Dev it's also not by mistake that that orange is over there 
  because that is the threat model that you have I'll put aside the 
  rest of the ux because I think it's easier to see the connection 
  between the two now these are the commonalities perhaps a 
  differences are like I said some of the language here right so 
  for one chappie is you know it's presented to the user as a 
  wallet selector whereas fed cm is predictably users an account 
  selector in chappie you are able to have multiple wallets rights.
Samantha Matthews Chase: \'A0 if that's him right now you can 
  only pick accounts from a single identity provider like I said 
  you have the wallet language.
Samantha Matthews Chase:  Some of the.
Samantha Matthews Chase:  Choices you know one is a modal dialog 
  the others and all modal dialog chappie has a really interesting 
  property of allowing what is to be registered as opposed to 
  announced breastfed CM still operates in a model in which the 
  relying party has to announce which I didn't provide is it won't 
  work what's work with chappie can work with Native apps whereas 
  potassium only works called providers okay but those are the 
  differences but I wanted to give you a sense of the work that 
  we're doing because I think that as we finish that work.
Samantha Matthews Chase: \'A0 work a lot of these differences are 
  going to be decreasing so for one we're working on this thing.
Samantha Matthews Chase:  Identity provider API which allows you 
  to which allows our website to say I can take accounts from all 
  these many different identity providers so what you see here in 
  the specific Mark is it's very subtle so apologies for just being 
  hard to read here but you see accounts coming from fat see em 
  that shit chappie wallet won't a glitched on me which is a 
  different origin from web idea that fat CM that this glitch about 
  me meaning that these are accounts coming from different Origins 
  right just imagine these being Facebook and Google.
Samantha Matthews Chase: \'A0 or Facebook and Twitter right but 
  accounts from coming from multiple identity providers.
Samantha Matthews Chase:  We have the.
Samantha Matthews Chase:  Well behind a flag and we expect to 
  watch this as soon as we can you see here a bit of a demo what 
  that looks like you know it's probably hard to read but this is 
  this is one way in which you can have an identity provider in 
  addition to Google as an identity provider embedded within the 
  same UI dialogue so you see that this is the Google account 
  wasn't come was before okay so with that I think we crossed out 
  one of the.
Samantha Matthews Chase: \'A0 Frances that chappie has multiple 
  wallets in 50m can have.
Samantha Matthews Chase:  Just now multiply deep identity 
  providers.
Samantha Matthews Chase:  Another another API that we've been 
  working on is something that we call the art P contacts API and 
  that is an API that allows relying parties to be more explicit 
  about what context the fat emui problem is being is being used so 
  like I said to you before like with membership cards and at 
  getting access to journals and so on you know signing in isn't 
  the action of the users taking is so RPS want the control to you 
  know just use language that's more appropriate so.
Samantha Matthews Chase: \'A0 right now we have four different 
  options that we implemented you can.
Samantha Matthews Chase:  Language which is use use website with 
  your identity provider or continue to website with your identity 
  provider in addition to signing in in signing up so this gives 
  our Peas the ability to you know just use different language in 
  the dialogue and I think with that I think it's easy to kind of 
  like incrementally add like a at wallet context or you know a % % 
  credential kind of thing where.
Samantha Matthews Chase: \'A0 we're we can move away.
Samantha Matthews Chase:  Fans from the language of identity 
  providers and signing in for language where you can connect with 
  a wallet like language and with that I think we cross all of a 
  bunch of differences to I wanted to show you two like a small 
  prototype that we built for what we call the identity provider 
  registry API but it's an API that looks a lot like if you ever 
  use register protocol Handler it's a very similar API but it's an 
  API that allows an identity provider to register itself it's.
Samantha Matthews Chase: \'A0 to ask for the user's permission to 
  be an identity provider and in doing so allows relying parties.
<orie> ha, register protocol handler.... 
  https://github.com/whatwg/html/issues/5561
Samantha Matthews Chase:  For any registered provider as opposed 
  to having to name them so if you look at the developer console 
  here the API was called in a way that the providers weren't named 
  in that you didn't call for Google as an identity provider or 
  Facebook is a knitted provider it presupposes that you have 
  registered identity providers and that's really wonderful for a 
  variety of reasons in that you can bring your own identity 
  provider to websites but I think we'll see once we do that then 
  it's isomorphic to wallet.
Samantha Matthews Chase:  Okay so with that then we can I think 
  we can also do well at registration so if you remove then all the 
  differences then if you if you make a projection where it fits 
  him is going to be like in a few in a few in a few quarters 
  perhaps at the end of the year then it's likely that we're going 
  to find fewer of these differences between champion and fed cm 
  and so on can we only have a couple more minutes so I just wanted 
  to perhaps and with.
<orie> See also https://github.com/whatwg/html/pull/5482
Samantha Matthews Chase: \'A0 this with this like perhaps because 
  I think it's perhaps the most goals concrete one to bring to this 
  group here.
Samantha Matthews Chase:  I just wanted to kind of like put it on 
  there like Fitz can compete with cross arching tracking and cook 
  third-party cookies and postmessage not with chappie per se so I 
  think what I mean imagine is more like a chappie overfed CM like 
  chappie using fed cm is a third party cookies more so than 
  chappie fetch a meal replacement of chappie and for the large 
  extent it would be wonderful if we could make things backwards 
  compatible so what I mean imagine is more like trying to remove 
  the the the.
Samantha Matthews Chase: \'A0 the awkward parts of chappie being 
  off that are your own interpreter.
Samantha Matthews Chase:  Is our third particle.
Samantha Matthews Chase:  Right but maintained and exchange that 
  to fetch him calls but maintain backwards compatibility between 
  wallets issues and verifier such that they don't have to know 
  that that change happened okay I think I'm going to end here 
  because I think I'm going to run all the time I'm not sure.
Mike Prorock:  Yeah now we're right at the top and I think this 
  is a great ending spot Manu I see you on you I'll let you get 
  probably the second last word outside of my thanks so.
Dave Longley: +1 Thanks, Sam!
<harrison_tang> Thank you, Sam!!
Manu Sporny:  Great thanks yeah just just add thank you Sam that 
  was fantastic thank you for going through all of that and thank 
  you for you know having the slides available so we can go back 
  and review this is fantastic I think that the takeaway to the ccg 
  or for the ccg is that you know there's active work on doing this 
  kind of alignment we don't know if it's going to work out yet but 
  it's headed in a great direction as same demonstrated we're 
  trying to close the gap here.
Manu Sporny: \'A0 we're in an able you know chappie to have more 
  native.
<saumya> thanks Sam
Manu Sporny:  It can call and ideally get to this point where we 
  have you no choice of IDP choice of all its election that kind of 
  thing still quite a bit to go to get there but I think it's great 
  that the Chrome team you know and Sam has put together a plan on 
  how we could possibly get there so thank you Sam for kind 
  presenting again.
<anil_john_[us/dhs/svip]> Enabling Individuals the ability to 
  control the selection of wallets is a HUGE +1 for me (and for DHS 
  USCIS digital credential issuance)
<bumblefudge> thanks so much, Sam!
Mike Prorock:  Yeah no this was excellent really really 
  appreciate the time I think the ten thousand dollar question is 
  you know can we get kind of native detached verifiable credential 
  support via fed cm in some capacity in the future obviously yet 
  to be seen but really really appreciate the time I think there's 
  a huge amount of alignment and love the direction you guys are 
  going I think it's I think you're asking a lot of the right 
  questions and just once again really really.
Mike Prorock: \'A0 appreciate this and just noting and Nils 
  comments in the chat there.
Mike Prorock:  There's a lot.
Mike Prorock:  Use cases especially gov use cases for selection 
  of wallets right can the user select where they are storing 
  things and what they're actually disclosing and more of that 
  older style model rather than the photo model so thanks again and 
  once again just much appreciated so.
Samantha Matthews Chase:  Absolutely thanks for having me.
Mike Prorock:  Kill recording now.

Received on Friday, 27 January 2023 23:56:57 UTC