Intent to deprecate forwarding of mdoc-scheme URLs as Android Intents


Adam Langley

Mar 20, 2023, 12:50:37 PM
to blink-dev, Rick Byers
Primary eng emails

a...@chromium.org, rby...@chromium.org

Summary

Creating a dedicated secure browser API for mdoc selection to replace mdoc-scheme URLs on Chrome and Android.

Motivation

Last month, we sent an intent to prototype for a more secure browser API for mdoc selection, which we believe will more safely enable mobile driver’s licenses on the web across multiple wallets. In addition to allowing sites to request real-world identity information for opening a bank account, for example, this dedicated API will also provide users with more transparency and control into what personal information is then shared with the website requesting it.

As prototyping of the new API begins, we are considering blocking the URI schemes mdoc and mdoc-openid4vp from being forwarded directly to the OS (e.g. as Intents on Android). These schemes have been proposed as a way to use Chromium's support for websites opening complementary apps, to instead open and communicate directly with arbitrary wallet apps. We believe this mechanism is more prone to security risks for consumers, such as phishing attacks, by not providing enough information to the browser to be able to explain the request to the user, and that it prevents the operating system from mediating such requests.

For similar reasons, Android is exploring a complementary, API-based solution, instead of supporting the URL schemes mentioned above.

Like all Chromium projects, the new API will be developed in the open and we’ll be engaging with the developers, regulators, and industry groups for feedback.

We are collecting feedback and metrics on this deprecation plan and will follow up with a bug and feature dashboard entry when pertinent.

Yoav Weiss

Mar 21, 2023, 7:25:46 AM
to Adam Langley, blink-dev, Rick Byers
Thanks for sending this intent! :)

It seems like you didn't use the chromestatus.com template, so a few things are missing:
* The title is non-standard and hence didn't get caught in our tooling
* What's the timeline for which you want to deprecate the use of these URI schemes? When will they be removed?
* A short explainer outlining what will be deprecated and removed and how developers should deal with that

 


Adam Langley

Mar 21, 2023, 10:45:50 AM
to Yoav Weiss, blink-dev, Rick Byers
On Tue, Mar 21, 2023 at 4:25 AM Yoav Weiss <yoav...@chromium.org> wrote:
> Thanks for sending this intent! :)
>
> It seems like you didn't use the chromestatus.com template, so a few things are missing:
> * The title is non-standard and hence didn't get caught in our tooling
> * What's the timeline for which you want to deprecate the use of these URI schemes? When will they be removed?
> * A short explainer outlining what will be deprecated and removed and how developers should deal with that

At this point we are collecting feedback and metrics on this deprecation and a more standard and concrete plan will follow from that. This is not the usual way around, but we hope that by communicating earlier any impact will be reduced.


Cheers

AGL

Nicola Tommasi

Mar 24, 2023, 5:45:49 AM
to blink-dev, Adam Langley, blink-dev, Rick Byers, Yoav Weiss
Hi Adam,

Thanks for sending this intent. I'm trying to understand a bit more the proposed deprecation so I have a few questions for you:

- Are these URIs already used by other APIs? If so, could you please make an example?
- Do you plan to block these URIs only for the mdoc presentation API? If the API is not shipped yet, why do we need a deprecation intent?

I'm sorry if the questions may sound trivial, I just wanted to be sure to get the full context around this topic.

Cheers,
Nicola

Adam Langley

Mar 24, 2023, 12:59:48 PM
to Nicola Tommasi, blink-dev, Rick Byers, Yoav Weiss
On Fri, Mar 24, 2023 at 2:45 AM Nicola Tommasi <tomm...@chromium.org> wrote:
> Hi Adam,
>
> Thanks for sending this intent. I'm trying to understand a bit more the proposed deprecation so I have a few questions for you:
>
> - Are these URIs already used by other APIs? If so, could you please make an example?

These URIs are specific to mdoc presentation. They are not a web API, they are a way for sites on Android to use Chromium's ability to trigger Android Intents, not to invoke the site's app, but to open an unrelated wallet app that would then communicate directly with the origin server.

> - Do you plan to block these URIs only for the mdoc presentation API? If the API is not shipped yet, why do we need a deprecation intent?

These schemes aren't part of a web API. We believe that a web API is the better way to expose mdocs on the web and are sending this notice early to inform the ecosystem of our thinking and hopefully make an eventual deprecation less impactful.


Cheers

AGL 

Nicola Tommasi

Mar 29, 2023, 2:32:37 AM
to blink-dev, Adam Langley, blink-dev, Rick Byers, Yoav Weiss, Nicola Tommasi
Thanks Adam for providing more info. We discussed this topic within the Web Platform team yesterday and the feedback was positive. Could you please share the deprecation plan as soon as you have more details?

Cheers,
Nicola
