Re: Coming back to CREDENTIAL. from Mike West on 2015-08-10 (public-webappsec@w3.org from August 2015)

From: Mike West <mkwst@google.com>
Date: Mon, 10 Aug 2015 14:31:22 +0200
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>, Brad Hill <hillbrad@gmail.com>, timeless <timeless@gmail.com>
Message-ID: <CAKXHy=eHQ8=q19ZaxEZLf7=Rp7c6w+Dha4kLvOfMJ65+jmdBTQ@mail.gmail.com>

On Mon, Aug 10, 2015 at 2:29 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Mon, Aug 10, 2015 at 2:24 PM, Mike West <mkwst@google.com> wrote:
> > According to the (internal, sorry!) `ClearBrowsingData_Cookies` counter,
> > ~11.1% of Chrome users who opted into sharing statistics cleared their
> > cookies in the past 7 days. I imagine (with no data to back me up) that
> the
> > percentage is higher for users who chose not to opt in.
>
> Do we know how many of them use a federated identity?

1. For the sake of my argument, let's say all of them. :)

2. No, we don't. Which is somewhat the point: the user agent has zero
understanding of federations today, so this isn't something we can reason
about at all. I think the (reasonable!) argument you and Adrian are making
is that the API doesn't provide full understanding of federations. My
(hopefully reasonable?) response is that I think it provides enough of a
hook to be valuable in itself, and lays the groundwork for additions in the
future.

-mike

Received on Monday, 10 August 2015 12:32:10 UTC