[w3ctag/design-reviews] FedCM API extension: Error API, AccountAutoSelectedFlag, HostedDomain and Revocation API (Issue #893) from yi-gu on 2023-09-05 (public-webapps-github@w3.org from September 2023)

From: yi-gu <notifications@github.com>
Date: Tue, 05 Sep 2023 06:52:53 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/893@github.com>

こんにちは TAG-さん!

I'm requesting a TAG review of Error API, AccountAutoSelectedFlag, HostedDomain and Revocation API. These are small additions to the existing [FedCM API](https://fedidcg.github.io/FedCM/) so I'm requesting a single review for all of them together.
   - Summary
    - With the Error API, the browser can inform users with proper error messages when their sign-in request has failed.
    - With the AccountAutoSelected Flag API, the browser could help developers to determine if FedCM token requests were initiated with explicit user permission to improve their services.
    - With the Hosted Domain API, RP can choose to only show the accounts which are associated with a certain domain.
    - With the Revocation API, developers can revoke the connection between RP and IdP upon user request and update the browser to optimize the future flows. 

  - Explainer¹ (minimally containing user needs and example code): (We publish explainers as issues per request from Mozilla. See [more context here](https://github.com/w3ctag/design-reviews/issues/813#issuecomment-1466632934)). For explainers please see the first and second comments of [Error API](https://github.com/fedidcg/FedCM/issues/488), [AccountAutoSelectedFlag](https://github.com/fedidcg/FedCM/issues/497), [HostedDomain](https://github.com/fedidcg/FedCM/issues/427) and [Revocation](https://github.com/fedidcg/FedCM/issues/496).
  - Security and Privacy self-review²: Please see the security and privacy consideration section in the explainers.
  - GitHub repo (if you prefer feedback filed there): [[url](https://github.com/fedidcg/FedCM)]
  - Primary contacts (and their relationship to the specification):
      - Yi Gu (@yi-gu, Google Chrome)
      - Nicolas Pena Moreno (@npm1, Google Chrome)
      - Sam Goto (@samuelgoto, Google Chrome, spec editor)
  - Organization/project driving the design: Google Chrome
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):
    - [Error and AccountAutoSelectedFlag](https://chromestatus.com/feature/5384360374566912)
    - [Hosted Domain and Revocation](https://chromestatus.com/feature/5202286040580096)

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): FedID CG
  - The group where standardization of this work is intended to be done ("unknown" if not known): unknown
  - Existing major pieces of multi-stakeholder review or discussion of this design: No
  - Major unresolved issues with or opposition to this design: No
  - This work is being funded by: Google Chrome

You should also know that...

We have spec PRs for [Error API ](https://github.com/fedidcg/FedCM/pull/498) and [AccountAutoSelectedFlag API](https://github.com/fedidcg/FedCM/pull/500) since Chrome plans to ship them sooner than the other two.

We'd prefer the TAG provide feedback as

  💬 leave review feedback as a **comment in this issue** and @-notify [@yi-gu, @npm1, @samuelgoto]


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/893
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/893@github.com>

Received on Tuesday, 5 September 2023 13:52:59 UTC