[Openid-specs-ab] Agenda - OIDF Browser Interactions Special Topic Call - 2021-03-24 19:05 UTC
Brian Campbell
bcampbell at pingidentity.com
Wed Mar 24 20:09:57 UTC 2021
It seemed like there was a fair amount of miscommunication at the end of
the call around the "POST" issue that George brought up as an example of an
impactful change. Hopefully I don't further contribute to the
miscommunication but I think he was talking about the [defaulting to
SameSite=]Lax + POST mitigation mentioned in
https://www.chromium.org/updates/same-site/faq and copied here:
> Q: What is the Lax + POST mitigation?
>
> This is a specific exception made to
> account for existing cookie usage on some Single Sign-On implementations
> where a CSRF token is expected on a cross-site POST request. This is purely
> a temporary solution and will be removed in the future. It does not add any
> new behavior, but instead is just not applying the new SameSite=Lax default
> in certain scenarios.
>
> Specifically, a cookie that is at most 2 minutes old will be sent on a
> top-level cross-site POST request. However, if you rely on this behavior,
> you should update these cookies with the SameSite=None; Secure attributes
> to ensure they continue to function in the future.
>
On Tue, Mar 23, 2021 at 9:27 AM Tim Cappalli via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Hi all,
>
>
>
> Here's the agenda for tomorrow.
>
> * Intros, reintros, agenda bash
> * Review known use case list
> <https://docs.google.com/document/d/1z9Plb3ntW8s_dg9SSjd6Z7_88I4KhVjaGYYSoEYC40Y>
> and request for contributions
> * Review submitted use cases
> * Topics for next call
> * Open Discussion
>
>
> Meeting Link: https://global.gotomeeting.com/join/379258645 | Time
> <https://www.timeanddate.com/worldclock/converter.html?iso=20210113T190500&p1=22&p2=248&p3=236&p4=438&p5=776&p6=16&p7=1440&p8=43&p9=24&p10=220&p11=234>
>
>
>
> Meeting Agenda / Notes Page: openid / connect / wiki / Browser
> Interactions Special Topics Call - 20210324 — Bitbucket
> <https://bitbucket.org/openid/connect/wiki/Browser%20Interactions%20Special%20Topics%20Call%20-%2020210324>
>
>
> Meeting Landing Page: openid / connect / wiki / Browser Interactions
> Special Topics Call — Bitbucket
> <https://bitbucket.org/openid/connect/wiki/Browser%20Interactions%20Special%20Topics%20Call>
>
>
>
>
> tim
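The rule quoted from the Chromium FAQ above, written out as a decision function. This is an added example, not part of the original message or Chromium's code; it is a simplified model, and the object fields and function names (`cookieIsSent`, `survivesPostBack`, `createdAt`, `topLevelNavigation`) are assumptions made for the sketch.

```javascript
// Simplified model of whether a browser applying the SameSite=Lax default
// attaches a cookie to a request. Field names are assumptions for this sketch.
const LAX_POST_WINDOW_MS = 2 * 60 * 1000; // "at most 2 minutes old"
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(cookie, request, now) {
  // Same-site requests are never blocked by SameSite.
  if (!request.crossSite) return true;

  const explicit = cookie.sameSite; // undefined when the attribute is absent
  // SameSite=None is only honoured together with Secure.
  if (explicit === "None") return cookie.secure === true;
  if (explicit === "Strict") return false;

  // From here on the cookie is Lax, either explicitly or by default.
  if (!request.topLevelNavigation) return false;
  if (SAFE_METHODS.has(request.method)) return true;

  // Lax + POST: the temporary exception covers only cookies that carry no
  // SameSite attribute, and only while they are at most 2 minutes old.
  if (explicit === undefined && request.method === "POST") {
    return now - cookie.createdAt <= LAX_POST_WINDOW_MS;
  }
  return false;
}

// Constructed scenario: a site sets a CSRF/state cookie at t = 0, the user
// spends delayMs on another site, then a top-level cross-site POST returns.
function survivesPostBack(setCookieAttrs, delayMs) {
  const cookie = { ...setCookieAttrs, createdAt: 0 };
  const request = { crossSite: true, topLevelNavigation: true, method: "POST" };
  return cookieIsSent(cookie, request, delayMs);
}

// Constructed sample inputs: attribute sets and time spent on the other site.
const report = {
  "no SameSite, back after 30 s": survivesPostBack({}, 30 * 1000),
  "no SameSite, back after 3 min": survivesPostBack({}, 3 * 60 * 1000),
  "SameSite=Lax, back after 30 s": survivesPostBack({ sameSite: "Lax" }, 30 * 1000),
  "SameSite=None; Secure, back after 3 min":
    survivesPostBack({ sameSite: "None", secure: true }, 3 * 60 * 1000),
};
console.log(report);
```

The second row is the failure mode to watch for: a flow that works in quick tests and breaks whenever the user takes longer than two minutes on the other site.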