<div dir="ltr">This is not auspicious! Sam went ahead without even responding to some of the comments provided. Note that at its core this proposal would add some requirements on IdP to provide metadata that could be absorbed by the browser. It has been suggested that the user would need to be involved in the process.  Both George & I have suggested that the browser password manager needs to be modified to assure that, if the user is hassled, the user's response be stored and they not be hassled again.<div><br></div><div>My suggestion is that we work on a user experience doc and send that as a CR (bug) to the blink mailing list or perhaps as a comment to the WICG m/l.  I or John could do that.</div><div><br></div><div>In the meantime, I will try to collect a user experience plan. If anyone has suggestions, please forward them to me.</div><div>Can we put this on the agenda for next week?<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Peace ..tom</div></div></div></div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">Sam Goto</strong> <span dir="auto"><<a href="mailto:goto@chromium.org">goto@chromium.org</a>></span><br>Date: Fri, Oct 9, 2020 at 12:21 PM<br>Subject: [blink-dev] Intent to Prototype: WebID<br>To: blink-dev <<a href="mailto:blink-dev@chromium.org">blink-dev@chromium.org</a>><br>Cc: Brad Lassey <<a href="mailto:lassey@chromium.org">lassey@chromium.org</a>>, David Benjamin <<a href="mailto:davidben@chromium.org">davidben@chromium.org</a>>,  <<a href="mailto:mjv@chromium.org">mjv@chromium.org</a>>, Justin Toupin <<a href="mailto:jtoupin@google.com">jtoupin@google.com</a>>,  <<a href="mailto:kenrb@chromium.org">kenrb@chromium.org</a>>, Majid Valipour <<a href="mailto:majidvp@chromium.org">majidvp@chromium.org</a>>,  <<a href="mailto:balfanz@google.com">balfanz@google.com</a>>,  <<a 
href="mailto:mknowles@chromium.org">mknowles@chromium.org</a>>, Sam Goto <<a href="mailto:goto@google.com">goto@google.com</a>><br></div><br><br><div dir="ltr"><span id="m_649063735830448497gmail-docs-internal-guid-8d53008d-7fff-72d3-833c-5da3a5c67870"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Contact emails</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="mailto:goto@chromium.org" style="text-decoration-line:none" target="_blank"><span style="font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">goto@google.com</span></a><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">, </span><a href="mailto:jtoupin@google.com" style="text-decoration-line:none" target="_blank"><span style="font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">jtoupin@google.com</span></a><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Explainer</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Link to </span><span style="font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><a href="https://github.com/WICG/WebID/" style="text-decoration-line:none" target="_blank">explainer</a> (in <a href="https://wicg.github.io/WebID" target="_blank">HTML</a>)</span><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Design doc/Spec</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We will update this thread when our design doc firms up.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We will kick off a TAG review and update this thread as we go along.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Summary</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Provide a new API that mediates the exchange of identity-related data between websites (relying parties) and identity providers (e.g. Google Sign In, Apple Sign In, Facebook Login, etc) while mitigating cross-site tracking risks.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Motivation</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Over the last decade, identity federation has played a central role in raising the bar for sign-in on the web, in terms of ease-of-use (e.g. password-free sign-on), security (e.g. improved resistance to phishing and credential stuffing attacks) and trustworthiness compared to its preceding common pattern: per-site usernames and passwords.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">However, it has relied on general-purpose primitives (namely top-level redirects, popups and third party cookies) which are subject to identity-agnostic browser policies (e.g. blocking popups used in identity flows). 
These policies are increasingly getting tightened due to </span><a href="https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html" style="text-decoration-line:none" target="_blank"><span style="font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">cross-site tracking</span></a><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> (e.g. by constraining third-party cookies and disabling navigational tracking). In addition to that, federated login distributes global user identifiers (most notably email addresses) which can be joined by multiple relying parties to build a shared profile of the user's activity across those sites.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">In this exploration, we plan to prototype a high-level login-oriented API with the goal of ensuring federation on the Web is better streamlined, separable from other types of cross-site information exchanges, and more private for users by default.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We are engaging with identity providers in this process, for both consumers and enterprises.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Risks</span></p><br><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Interoperability and Compatibility</span></p><br><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">This is a hard problem because of the diversity of stakeholders, requirements and existing protocols that exist in the identity ecosystem. Accordingly, we are starting not with a defined solution but rather a framework that can accommodate different levels of browser mediation, each with different sets of usability, privacy and deployment trade-offs. 
We expect to refine this into an API specification as discussions progress with other browsers, identity providers and relying parties.</span></p><br><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Edge: No Signals</span></p><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Firefox: early discussions</span></p><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Safari: No Signals</span></p><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Framework developers: early discussions with the Google Sign-In team</span></p><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Web developers: early discussions with relying parties, No Signals</span></p><br><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We have also engaged with the OpenID foundation, and there 
is ongoing public discussion in the </span><a href="https://github.com/WICG/WebID/" style="text-decoration-line:none" target="_blank"><span style="font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">WICG repository</span></a><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">.</span></p><br><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Activation</span></p><br><p dir="ltr" style="line-height:1.38;margin-left:36pt;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We expect this project to go through design, implementation and rollout over a long period of time, in conjunction and coordination with IDPs, RPs, browser vendors and evolving privacy enhancements.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Yes.</span></p><br><p dir="ltr" 
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Link to entry on the </span><a href="https://www.chromestatus.com/" style="text-decoration-line:none" target="_blank"><span style="font-size:10pt;font-family:Arial;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">feature dashboard</span></a></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://www.chromestatus.com/feature/6438627087220736" style="text-decoration-line:none" target="_blank"><span style="font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">https://www.chromestatus.com/feature/6438627087220736</span></a></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Requesting approval to ship?</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Arial;color:rgb(0,0,0);font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">No</span></p></span><br></div>

</div></div></div>