- From: Christian Biesinger <notifications@github.com>
- Date: Tue, 15 Aug 2023 12:37:42 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/884@github.com>
Draft: TAG review request for the IDP SignIn status API
こんにちは TAG-さん!
I'm requesting a TAG review of the IDP SignIn status API (addition to the Federated Credential Management API).
This API provides a way to prevent RPs from **silently** making cross-site credentialed requests to IdPs using the FedCM API while minimizing user annoyance for users who are not logged in to the requested IDP. We call this problem the [timing attack problem](https://github.com/fedidcg/FedCM/blob/main/meetings/2022/FedCM_%20Options%20for%20the%20Timing%20Attack%20Problem%202022-08-31.pdf). In this proposal under review, specifically, when the user agent was not notified that the user is signed in to the IDP, no network request is made and so no UI has to be shown. Otherwise, whenever a credentialed request is made, UI is shown. This discourages use of the API for tracking. (Note, for Chrome’s implementation we allow a once-per-IDP potentially-silent request for bootstrapping purposes)
- Explainer¹ (minimally containing user needs and example code): https://github.com/fedidcg/FedCM/blob/main/proposals/idp-sign-in-status-api.md
- Specification URL: https://github.com/fedidcg/FedCM/pull/436
- Tests: TBD
- User research: n/a
- Security and Privacy self-review²: The original FedCM questionnaire is at https://github.com/fedidcg/FedCM/blob/main/privacy_questionnaire.md. This addition does not expose any new information to origins; it stores one additional per-IDP bit that is not readable with web APIs.
- GitHub repo (if you prefer feedback filed there): https://github.com/fedidcg/FedCM/issues
- Primary contacts (and their relationship to the specification):
- Christian Biesinger (@cbiesinger), Google (Engineer designing and implementing the spec)
- Sam Goto (@samuelgoto), Google (Engineer designing and implementing the spec)
- Organization(s)/project(s) driving the specification: Google Chrome
- Key pieces of existing multi-stakeholder review or discussion of this specification: Discussion in https://github.com/fedidcg/FedCM/pull/436
- External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5177628008382464
Further details:
- [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
- Relevant time constraints or deadlines: We’d like to ship this in Chrome 119, branching on Tue, Oct 3, 2023
- The group where the work on this specification is currently being done: https://github.com/fedidcg
- The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): Unknown
- Major unresolved issues with or opposition to this specification: We are still working on the relationship to the Login Status API aka isLoggedIn (https://github.com/privacycg/is-logged-in). We are planning to use an API that integrates seamlessly with that API as described in https://github.com/samuelgoto/login-status-api
- This work is being funded by: Google LLC
You should also know that...
https://github.com/fedidcg/FedCM/blob/main/meetings/2022/FedCM_%20Options%20for%20the%20Timing%20Attack%20Problem%202022-08-31.pdf contains a lot of background reading
We'd prefer the TAG provide feedback as (please delete all but the desired option):
🐛 open issues in our GitHub repo for **each point of feedback**
--
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/884
You are receiving this because you are subscribed to this thread.
Message ID: <w3ctag/design-reviews/issues/884@github.com>
Received on Tuesday, 15 August 2023 19:37:49 UTC