- From: Johann Hofmann <notifications@github.com>
- Date: Mon, 16 Dec 2024 10:34:51 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/956/2546358862@github.com>
> Hi @johannhof - We're more concerned with the UI complexity. Specifically, how can we communicate to the end user the nuance of the partitioned identity? Feels like the spec should give an example of good UI - or indicative UI - especially since this informs the user's decision-making process, for example regarding what permissions to agree to, and this will be a new situation that they may not have encountered before? Thanks for the clarification. We're also concerned with UI complexity, which is why we're trying out the "popin" variant. We should follow up on some of this based on the initial UX prototype. Again, it's hard to develop that without the platform primitives in place. :) > It seems like some of these use cases could be solved by a narrow, focused API that is built to solve the specific use case (login flow), rather than by introducing a new technology that also introduces a new kind of partitioned identity, which introduces the potential for user confusion (and abuse). I disagree, for two reasons: 1) This is not a new partitioned identity, it's a continuation of your partitioned identity on the site in a presentation that's more suitable and more secure for some use cases. If this technology helps keep user identity partitioned between sites vs. exposing additional prompts for cross-site identity joining to users, I think it's a win for everyone. 2) A long term goal of this effort is to help pry the ecosystem away from the usage of unpartitioned popups in combination with opener access. FedCM or other APIs may be able to capture some of these use cases, but I don't believe we can entirely replace popups that way. Popups allow for infinite customization of their content and that is arguably a good thing. Additionally, the integration with cookies is valuable to many developers for both security and performance reasons. IMO we should err on the side of building flexible platform primitives that open the door to niche or future use cases when our goals for privacy and security can be achieved to the same degree (and, as mentioned above, even surpassed vs. cross-site identity sharing). -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/956#issuecomment-2546358862 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/956/2546358862@github.com>
Received on Monday, 16 December 2024 18:34:55 UTC