[w3ctag/design-reviews] FedCM (was WebID) (Issue #718)

Braw mornin' TAG!

I'm requesting a TAG review of [feature name].

[One paragraph summary of idea, ideally copy-pasted from Explainer introduction]

  - [Explainer¹](https://github.com/fedidcg/FedCM/blob/main/explainer.md)
  - [Specification](https://fedidcg.github.io/FedCM/)
  - [Web Platform Tests](https://github.com/web-platform-tests/wpt/tree/master/credential-management)
  - User Research
      > TODO(goto): report back here
  - [Security and Privacy self-review²](https://fedidcg.github.io/FedCM/#privacy)
      > TODO(goto): fill out the questionnaire
  - [GitHub repo](https://github.com/fedidcg/FedCM/issues)
  - Primary contacts (and their relationship to the specification):
      - Sam Goto @samuelgoto Google
  - Organization(s)/project(s) driving the specification: Google / Chrome
  - Key pieces of existing multi-stakeholder review or discussion of this specification:
      > TODO(goto): add links positions requests     
  - External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): 
      - [Chrome Status](https://chromestatus.com/feature/6438627087220736)
      - [Intent To Prototype](https://groups.google.com/a/chromium.org/g/blink-dev/c/2B4TJ7j2U4M/m/1X5T3OszCAAJ)
      - [Ready For Trial](https://groups.google.com/a/chromium.org/g/blink-dev/c/jlV_1m7uUAg)
      - Intent To Experiment: 
          > TODO(goto): report back here

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Relevant time constraints or deadlines:
    - We are planning to start an origin trial in Chrome's M101 (April) until M105
    - We are working under the [Privacy Sandbox Timelines](https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline) along with other proposals
  - The group where the work on this specification is currently being done: The [FedID CG](https://www.w3.org/community/fed-id/)
  - The group where standardization of this work is intended to be done: Unclear, but best guess is the [WebAppSec WG](https://www.w3.org/2011/webappsec/)
  - Major unresolved issues with or opposition to this specification:
  - This work is being funded by: Google/Chrome

You should also know that...

- We presented our work at TPAC 2020/2021, here is [a good introduction](https://watch.videodelivery.net/29bab61e04e8cabf1517e5885c9fe4cf) that may be easier to consume than the specification/explainer
- 2020 we raised [the problem](https://discourse.wicg.io/t/proposal-webid-privacy-preserving-federated-sign-in-api/4661) at the WICG and incubated
- 2020-2021 we prototyped a few alternatives / variations 
- 2021 we ran an "early" TAG review [here](https://github.com/w3ctag/design-reviews/issues/622) around a year ago and didn't hear any major existential / directionally incorrect feedback

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**

> NOTE(goto): ACK on the missing Security and Privacy questionnaire, will get back to you on that.
> ² A Security and Privacy questionnaire helps us understand potential security and privacy issues and mitigations for your design, and can save us asking redundant questions. See https://www.w3.org/TR/security-privacy-questionnaire/.




Message ID: <w3ctag/design-reviews/issues/718@github.com>

Received on Thursday, 10 March 2022 19:52:16 UTC