#FedID CG call (Atlantic), 26 March 2024
-
Moderator: Tim Cappalli
-
Scribe: Michael Knowles
Call-in details: see https://www.w3.org/groups/cg/fed-id/calendar/
Charter: https://github.com/w3c/fedidcg
-
Administrivia
-
Scribe volunteer(s)?
-
Reminders:
-
Federated Identity Working Group — update
-
-
Cross Site Cookie Access Credential
- Integrate more directly with FedCM — issue 4
-
FedCM
-
AOB
-
Simone
-
Will announce the WG imminently
-
Next: Call for Participation
-
And once that’s accomplished, it can officially start
-
Will determine about Virtual meeting vs. face-to-face at or before TPAC
-
-
Tim
- Idea is for FedID CG to still be paired with the FedID WG
-
Sam
- Strategy was to form the WG quickly and then add the Digital Credentials effort after that, as a separate addition
-
Philippe
-
Advisory committee meeting in 2 weeks in Japan (April 8-9)
-
Focus is Identity on the Web
-
Won’t do any more on Digital Credentials until after that meeting
-
Then: Horizontal review of Charter, with consideration of adding Digital Credentials
-
Already asked TAG to review Digital Credentials
-
Will also need review from Privacy people on addition of DCs to the Charter
-
Expected to take about a month
-
Expected by mid-May will have done reviews, then AC review
-
So, by mid-to-end of June, expect to have DCs as part of the Charter
-
Of course, if any objections arise, we would have to address them
-
-
Sam
- Objections so far?
-
Philippe
-
Too early at the moment, but some people had expressed some concerns
-
Will report back after that meeting in 2 weeks in Japan
-
Heather will be remotely attending that meeting
-
(the meeting is not just Digital Credentials, but that is part of it)
-
Also: the TAG can sometimes take 3 months before responding
-
Hopefully will hear from TAG by mid-May
-
-
Ben
-
<presenting Cross Site Cookie Access Credential proposal from GitHub>
-
This is the new work
-
Lighter-weight way to pass credentials to browser between IdPs and RPs
-
New work is how to integrate with FedCM
-
Wanted to bring to group idea of making it part of FedCM as a different operating mode
-
Would be in the same namespace as FedCM
-
Call for interaction on Issue #4
-
Please look at this proposal and we’ll discuss next week
-
-
Sam
-
Just to report back: we’ve been working on this for a while
-
At a point where there is a prototype
-
Rough Privacy & Security guidance that it is a solvable problem
-
Now assessing Developer Demand
-
We put features behind flags and monitor how many people try it out
-
There are instructions on how to use it
-
Encourage people to try it out
-
Won’t move forward until people actually use it and ask for additional development
-
Generally trying to assess product-market fit for Developers
-
So, it will be in this stage until people try it out
-
If no usage / demand in a year, then will likely remove the code
-
-
Tim
- What is the window for people to try it out?
-
Sam
-
Self-imposed deadline
-
Chrome separates DevTrials from Origin Trials / Launching
-
DevTrials asks developers to try it out by turning on flags
-
If lots of demand, it will go to Origin Trials where we expect developers to try it out against real users
-
Then, assuming Origin Trial goes well, it will be launched
-
Also more art than science to know how many developers we’d need to gauge demand
-
But if one big IdP picked it up, that would probably be enough to take it to Origin Trials within a month or so (depending on any changes required)
-
-
Tim
- Anyone already playing with this or intending to?
-
Sam
-
Solid community had said they were interested
-
And a second one — Seamless Access folks maybe?
-
Heard that it was worth building, but will have to see if they find it useful
-
It’s possible that we got it wrong — just need to know where
-
-
Chris
-
R&E Sector is about having clarity for ourselves where discovery of thousands of IdPs happens
-
Will it be played with by us — yes
-
Is it a replacement for Discover-my-idP? Or is it just the registration role?
-
-
Sam
-
Not sure what role it plays — need for people to try it out to see exactly where it fits — and we can figure that out together with people who try it out
-
If there are things we could change to make life better, we should be able to do that
-
It seems that there are various things that can be improved in the R&E space, but need people to try it to see what those things are
-
-
Tim
- Not sure if anyone has had
-
Yi
-
We just sent out Intent to Prototype
-
Patch is up for review
-
Trying to get some feedback and solve more use cases
-
Limitation of SAA and where FedCM could help with that access
-
Idea is to put it behind a flag and let people try it out to see if it actually solves people’s problems or what might need to be changed if needed
-
-
Tim
-
Document started for IIW, for Digital Credentials work
-
Want to be more organized ahead of time to optimize the meeting
-
-
Michael Knowles (Google Chrome)
-
Philippe Le Hegaret (W3C)
-
George Fletcher (Capital One)
-
Brian Daugherty (google identity)
-
Steffi Dobretzberger (DAASI International)
-
Ted Thibodeau (he/him) (OpenLink Software)
-
Zachary Tan (Google Chrome)
-
Chris Fredrickson (Google Chrome)
-
Christian Biesinger (Google Chrome) (joined at :10)
-
Tim Cappalli (Okta, co-chair)
-
Ben VanderSloot (Mozilla)
-
Simone Onofri (W3C)
-
Yi Gu (Google Chrome)
-
Achim Schlosser (Bertelsmann, Co-Chair)