[w3ctag/design-reviews] FedCM multi IDP support (Issue #803) from npm1 on 2023-01-11 (public-webapps-github@w3.org from January 2023)

From: npm1 <notifications@github.com>
Date: Wed, 11 Jan 2023 14:29:54 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/803@github.com>

Wotcher TAG!

I'm requesting a TAG review of FedCM multi IDP support.

The [Federated Credential Management (FedCM) API](https://fedidcg.github.io/FedCM/) is a Web Platform API which allows users to login to websites with their federated accounts in a privacy preserving manner. Currently, it only supports a single identity provider (IDP) at a time. Users can only login with their federated accounts from a single IDP at a time. With multi IDP support, we want to allow users to login with their federated accounts from a set of IDPs at a time.

  - Explainer: [url](https://github.com/fedidcg/FedCM/blob/main/proposals/multi-idp-api.md)
  - Security and Privacy self-review: [url](https://github.com/fedidcg/FedCM/blob/main/privacy_questionnaire.md): same as the general one for FedCM because I think the answers are the same. Let me know if you have questions or if I have missed something though!
  - GitHub repo: [url](https://github.com/fedidcg/FedCM)
  - Primary contacts (and their relationship to the specification):
      - Nicolás Peña Moreno (@npm1), Google
      - Zachary Tan (@tttzach), Google
      - Benjamin Vandersloot (@bvandersloot-mozilla), Mozilla
  - Organization/project driving the design: Google Chrome, Mozilla
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):
      - [ChromeStatus](https://chromestatus.com/feature/5067784766095360)
      - [Mozilla standards position](https://github.com/mozilla/standards-positions/issues/730)
      - [WebKit standards position](https://github.com/WebKit/standards-positions/issues/120)

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): FedID CG
  - The group where standardization of this work is intended to be done ("unknown" if not known): unclear
  - Existing major pieces of multi-stakeholder review or discussion of this design: see relevant [issue](https://github.com/fedidcg/FedCM/issues/319)
  - Major unresolved issues with or opposition to this design: the use of onload to ensure that multiple IDPs are loaded by the time the initial UI is shown is not great. But we have not come up with something that is much better given all the constraints and requirements. Ideas welcome!
  - This work is being funded by: Google Chrome, Mozilla

You should also know that the initial FedCM TAG review is [here](https://github.com/w3ctag/design-reviews/issues/718). We're requesting a review specifically on the multi IDP design.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  💬 leave review feedback as a **comment in this issue** and @-notify @npm1


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/803

You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/803@github.com>

Received on Wednesday, 11 January 2023 22:30:06 UTC