Re: [w3ctag/design-reviews] FedCM: LoginHint, UserInfo, and RPContext (Issue #839) from Peter Linss on 2024-02-19 (public-webapps-github@w3.org from February 2024)

From: Peter Linss <notifications@github.com>
Date: Mon, 19 Feb 2024 08:53:27 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/839/1952872785@github.com>

@rhiaro and I took a look at this today (apologies for the long delay), LoginHint and the RPContext seem fine by us, but we have a question about UserInfo.

The explainer mentions that the UA would retain user information even after the user signs out of the IDP. Considering a shared computer, e.g. I sign in to a service at a computer in my library, then sign out, it seems that the next person using that computer gets to see information about my identity, which I would not expect after having signed out. Are we understanding that correctly or are we missing something?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/839#issuecomment-1952872785
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/839/1952872785@github.com>

Received on Monday, 19 February 2024 16:53:31 UTC