[w3ctag/design-reviews] Question: How to reduce apex domain modifications for IDPs using FedCM (Issue #1217)

hlflanagan created an issue (w3ctag/design-reviews#1217)

The FedID Working Group and Community Group are trying to resolve a long-standing question on alternatives to .well-known on the apex domain. There is a new proposal under discussion, but the groups have stalled on the best architectural pattern for the web. While using .well-known is technically easy, implementation-wise it is not easy for identity providers that do not have direct control of that file.

So, the immediate question is: What is the pattern (or, is there a pattern) for an item that MUST have a cardinality of 1 on the registrable domain? FedCM requires one endpoint for user+relyingParty privacy. Today, the FedCM spec uses the apex domain, which has operational considerations (see the meeting notes from [7 April 2026](https://github.com/w3c-fedid/meetings/blob/main/2026/2026-04-07-FedCM-notes.md#allow-idps-to-delegate-well-known-file-hosting-via-dns-txt-record-821) for the most recent CG/WG discussion on the matter). We are examining: 

1) using an underscored prefixed DNS name (_web-identity.<domain>) or 
2) using a non-underscored prefixed DNS name through HTTP (web-identity.<domain>). 

Does TAG have a preferred pattern for problems like this or have any considerations for choosing between these options?

We also have a question on the use of an underscored prefixed DNS name open with IETF DNSOPS (see <https://mailarchive.ietf.org/arch/msg/dnsop/aLACo0YpxJezsvlXZipp9aL0mFs/>).

The AT Protocol group is discussing a similar and related topic [here](https://atproto.com/specs/handle#dns-txt-method).


Message ID: <w3ctag/design-reviews/issues/1217@github.com>

Received on Tuesday, 7 April 2026 16:01:13 UTC