[Openid-specs-ab] Planned Chrome and WebKit changes potentially impacting OpenID Connect deployments

Hans Zandbelt hans.zandbelt at zmartzone.eu
Wed Aug 21 20:46:37 UTC 2019


For the record:
the same-site cookie issue was raised on the refeds mailing list that
unfortunately does not have a public archive; the impact seemed not very
severe from what I remember.

Also, on the ITP issue there's a doc that Vittorio requested input for
earlier:
https://docs.google.com/document/d/1Rs--DFzZj_SfQjtz8oH9DlLII0ra3viMEHrK7sKsaiU/edit?usp=sharing
and:
https://github.com/whatwg/html/issues/3338#issuecomment-434117847

Hans.

On Wed, Aug 21, 2019 at 8:36 PM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> I wanted to bring two planned browser changes to the working group’s
> attention for your discussion and feedback.  I believe that both of these
> could affect OpenID Connect (and other federated identity) deployments.
>
>
>
>    1. Chrome plans to treat cookies as SameSite=Lax by default if no
>    SameSite attribute is specified. This is described at
>    https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/AknSSyQTGYs/SSB1rTEkBgAJ.
>    As it says there, developers would be able to opt-into the status quo of
>    unrestricted use by explicitly asserting SameSite=None.
>
>
>
>    1. WebKit/Safari plans to change cookie handling to prevent tracking.
>    As described at
>    https://webkit.org/tracking-prevention-policy/#unintended-impact, this
>    is expected to affect “Federated login using a third-party login provider”.
>
>
>
> Some questions:
>
>    - Are people tracking these developments and their expected impacts?
>    - Might code changes be needed to keep things working, and if so, what
>    are they?
>    - Should we be communicating with the Chrome and WebKit developers
>    about the needs of federated identity in advance of these proposed changes?
>
>
>
>                                                        -- Mike
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


-- 
hans.zandbelt at zmartzone.eu
ZmartZone IAM - www.zmartzone.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190821/455e75ed/attachment.html>


More information about the Openid-specs-ab mailing list