Intent to Extend Experiment: Federated Credentials Management API (FedCM)

465 views
Skip to first unread message

Yi Gu

unread,
Aug 15, 2022, 10:25:05 AM8/15/22
to blink-dev

Contact emails

yi...@chromium.org, go...@chromium.org 

 

Spec (Copied from I2E)

https://fedidcg.github.io/FedCM/

 

Summary (Copied from I2E)

A Web Platform API that allows users to login to websites with their federated accounts in a manner compatible with improvements to browser privacy.

 

In this origin trial, we are interested in experimenting with an account chooser for federated accounts, which we expect to be a foundational infrastructure for the Web going forward.

 

Blink component (Copied from I2E)

Blink > Identity > FedCM

 

Goals for experimentation (Copied from I2E)

To learn about:

  • requirements: what aspects of federated identity are going to be affected by phasing out third party cookies?

  • demand: who is going to be affected? and how important is it for them?

  • deployment viability: is it a practical solution?

  • user acceptance: does our implementation perform well with users?

 

TAG review (Updated)

Spec reviewed: https://github.com/w3ctag/design-reviews/issues/718 

Early reviewed: https://github.com/w3ctag/design-reviews/issues/622  

 

Links to previous Intent discussions (Updated)

 

Link to blogs (Updated)

 

Experimental timeline (Updated)

The experiment started in M101 on Android and M103 on desktop platforms and is currently scheduled to run until M105 (August 30th, 2022).

 

We would like to extend the experiment through M107 (inclusive, Oct 25, 2022)

 

Reasons this experiment is being extended (New)

  • First, Identity Providers are gathering more and more production experience by gradually increasing their deployment reach to relying parties. Because that’s done on real users on production traffic in such a sensitive area (authentication), it is being done very carefully. In doing so, they are teaching us a lot about corner cases that we had not anticipated (e.g. CSP issues, supporting the API to be called inside iframes and UX needs) We addressed most production challenges that we ran into, but we’d like to extend our origin trials to see if we run into more. Here are some features/extensions that we developed that we’d like to gather data on during an extended origin trial:

  • A new endpoint that helps all partners to measure performance

  • Supporting the API in cross-origin iframes with proper Permissions Policy (default to opt-out)

  • Minor UI tweaks

  • Second, Browser vendors have also been giving us guidance that we’d like to learn from and experiment with more. Specifically, we want to work with Firefox during the origin trial extension to explore two suggestions: (a) supporting multiple identity providers in the account chooser and (b) exploring more privacy-preserving architectural choices to  fetch the user accounts (aka “The Pull vs Push Models”).

 

Debuggability (Copied from I2E)

Basic devtools integration supported. More to come as we learn.

https://github.com/fedidcg/FedCM/blob/main/explorations/HOWTO.md

https://bugs.chromium.org/p/chromium/issues/detail?id=1291653

 

Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)? (Copied from I2E)

Yes.

 

Is this feature fully tested by web-platform-tests? (Copied from I2E)

Yes.

 

 

Link to entry on the feature dashboard (Copied from I2E)

https://chromestatus.com/feature/6438627087220736


Mike Taylor

unread,
Aug 15, 2022, 10:44:49 AM8/15/22
to Yi Gu, blink-dev
LGTM to extend to 107 inclusive. That bumps mobile to 7 milestones (desktop to 5), but I believe you've cleared the bar for demonstrated substantial progress towards shipping.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCNzU99Uy6EHMkj9uPhH-eCvkgvhsNLVQ_Tk%3D7u2txLgCQ%40mail.gmail.com.


Yi Gu

unread,
Aug 15, 2022, 11:12:24 AM8/15/22
to Mike Taylor, Yi Gu, blink-dev
Thanks Mike!

Clarification: the dates listed after the planned milestone are the stable release dates.
Reply all
Reply to author
Forward
0 new messages