Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] main from w3c-fedid:main #52

Merged
merged 3 commits into from
Sep 18, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .pr-preview.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@
"params": {
"force": 1
}

}
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This is the repository for the W3C's FedID CG Federated Credentials Management A

Explainer: [explainer.md](explainer.md)

Work-in-progress specification: <https://fedidcg.github.io/FedCM/>
Work-in-progress specification: <https://w3c-fedid.github.io/FedCM/>

## Introduction

Expand All @@ -21,7 +21,7 @@ the removal of third-party cookies on federated login. Historically this has
relied on third-party cookies or navigational redirects in order to function
as they were the primitives provided by the web.

The [explainer](explainer.md) and [spec](https://fedidcg.github.io/FedCM)
The [explainer](explainer.md) and [spec](https://w3c-fedid.github.io/FedCM)
provide a potential API and the rational behind how that API was designed.

## Contributing
Expand All @@ -44,9 +44,9 @@ There are several ways to contribute to the Federated Credential Management API.
* If you're an Identity Provider, there are two sides of the implementation that
will be needed and any feedback on either side is appreciated.

1. The [Identity Provider API](https://fedidcg.github.io/FedCM/#idp-api) describes
1. The [Identity Provider API](https://w3c-fedid.github.io/FedCM/#idp-api) describes
the manifest and API needed server side.
2. The [Browser API](https://fedidcg.github.io/FedCM/#browser-api) describes the JavaScript
2. The [Browser API](https://w3c-fedid.github.io/FedCM/#browser-api) describes the JavaScript
interface to FedCM which will need to be utilized.

* If you're a Relying Party (i.e. website) and would like to test the changes out
Expand All @@ -55,7 +55,7 @@ There are several ways to contribute to the Federated Credential Management API.
JavaScript. (Until an IDP provides first party JavaScript to work with FedCM
this integration will be tricker). You can also review the demo provided by the
HOWTO and take a look at the
[Relying Party API](https://fedidcg.github.io/FedCM/#rp-api) to see what is needed
[Relying Party API](https://w3c-fedid.github.io/FedCM/#rp) to see what is needed
on the RP side.

## Code of Conduct
Expand Down
4 changes: 2 additions & 2 deletions explorations/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ active exploration into the problem space, potential end states, and possible
solutions. These all serve the purpose of providing context, understanding and
a shared idea of where we _could_ go. For a more specific document on what can
be done right now, please see the
[Federated Credential Management API](https://fedidcg.github.io/FedCM) proposal.
[Federated Credential Management API](https://w3c-fedid.github.io/FedCM) proposal.

This exploration has been broken into several sections.

Expand All @@ -22,7 +22,7 @@ This exploration has been broken into several sections.
* What are some [related problems](related_problems.md)?
* What has been tried [previously](prior.md)?
1. Description of where we [should](proposal.md) be and accompanying
[FedCM API](https://fedidcg.github.io/FedCM) proposal.
[FedCM API](https://w3c-fedid.github.io/FedCM) proposal.
* What [alternatives](alternatives_considered.md) have been explored?
1. Potential [roadmap](roadmap.md) to the [proposal](proposal.md).

Expand Down
2 changes: 1 addition & 1 deletion explorations/alternatives_considered.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Alternatives Considered

Now that we have a deep understanding of (a) the [problem](README.md) and (b) the [motivations](https://fedidcg.github.io/FedCM/#privacy-threat-model) and [topology](activation.md) of the parties involved, lets look at some **why not**s.
Now that we have a deep understanding of (a) the [problem](README.md) and (b) the [motivations](https://w3c-fedid.github.io/FedCM/#privacy) and [topology](activation.md) of the parties involved, lets look at some **why not**s.

## The Status Quo

Expand Down
4 changes: 2 additions & 2 deletions explorations/cookies.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Cookies

This is a **proposal** for a high level API to support identity federation under this [threat model](https://fedidcg.github.io/FedCM/#privacy-threat-model).
This is a **proposal** for a high level API to support identity federation under this [threat model](https://w3c-fedid.github.io/FedCM/#privacy).

It is widely known that browsers are either **already** blocking third party cookies or are planning to.

Expand All @@ -18,7 +18,7 @@ This is a proposal to preserve these operations in the absence of third party co

Cross-site communication is used throughout the entire lifecycle of the user signing in to a RP with an IDP, beginning at signing-up a new user all the way through managing the sessions (e.g. signing in, signing out or renewing refresh tokens).

From a [privacy threat model](https://fedidcg.github.io/FedCM/#privacy-threat-model) perspective, the design of this proposal is anchored on the observation that the most critical moment is when the identities between the RP and the IDP are joined for the very first time, namely when the user creates a new account in the RP using the identifiers from the IDP or when a user signs-in to an RP with an IDP for the first time in the browser: once the identities are joined, any arbitrary/uncontrolled cross-side communication can happen (with or without the browser's permission, e.g. via backchannel or cookie-less requests).
From a [privacy threat model](https://w3c-fedid.github.io/FedCM/#privacy) perspective, the design of this proposal is anchored on the observation that the most critical moment is when the identities between the RP and the IDP are joined for the very first time, namely when the user creates a new account in the RP using the identifiers from the IDP or when a user signs-in to an RP with an IDP for the first time in the browser: once the identities are joined, any arbitrary/uncontrolled cross-side communication can happen (with or without the browser's permission, e.g. via backchannel or cookie-less requests).

In this proposal, the browser:

Expand Down
2 changes: 1 addition & 1 deletion explorations/directed_identifiers.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
# Directed identifiers
This document explores the ideas of [directed identifiers](glossary.md#directed-identifier) and [verifiably directed identifiers](glossary.md#verifiably-directed-identifier) in FedCM.

Directed identifiers are included in the FedCM proposal as an attempt to mitigate [Relying Party tracking](README.md#the-rp-tracking-problem) of users by means of [identifier correlation](https://fedidcg.github.io/FedCM/#attack-scenarios-by-rp-cross-site-correlation). As traditional tracking mechanisms have become less accessible, a fallback method for following user activity across the web has been for web sites with account systems to correlate personal identifiers associated with each account. For example, all sites that require users to use email addresses as login identifiers can collude to uniquely identify a given user across all of those sites, and profile that user's full activity across them.
Directed identifiers are included in the FedCM proposal as an attempt to mitigate [Relying Party tracking](README.md#the-rp-tracking-problem) of users by means of [identifier correlation](https://w3c-fedid.github.io/FedCM#attack-scenarios-by-rp-cross-site-correlation). As traditional tracking mechanisms have become less accessible, a fallback method for following user activity across the web has been for web sites with account systems to correlate personal identifiers associated with each account. For example, all sites that require users to use email addresses as login identifiers can collude to uniquely identify a given user across all of those sites, and profile that user's full activity across them.

Conceptually, a directed identifer is a limited-scope identifier that has a one-way mapping from a user identifier that is known to an Identity Provider. The original identifier cannot practically be derived from the directed identifier by anyone other than the IdP or possibly the user.

Expand Down
4 changes: 2 additions & 2 deletions explorations/glossary.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ References: [OIDC terminology](https://openid.net/specs/openid-connect-core-1_0.
### IDP tracking
* _A privacy threat in which an [Identity Provider](#identity-provider-idp) is able to surveil or correlate user activity across the web._

References: [FedCM Threat Model](https://fedidcg.github.io/FedCM/#attack-scenarios-by-idp)
References: [FedCM Threat Model](https://w3c-fedid.github.io/FedCM/#idp-intrusion)


### Relying Party (RP)
Expand All @@ -106,7 +106,7 @@ References: [OIDC terminology](https://openid.net/specs/openid-connect-core-1_0.
### RP tracking
* _A privacy threat in which a [Relying Party](#relying-party-rp) is able to surveil or correlate user activity across the web._

References: [FedCM Threat Model](https://fedidcg.github.io/FedCM/#attack-scenarios-by-rp)
References: [FedCM Threat Model](https://w3c-fedid.github.io/FedCM/#rp-fingerprinting)


### Standard claims
Expand Down
8 changes: 4 additions & 4 deletions explorations/navigations.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
# Navigations

This is an **early exploration** of the design alternatives to address [bounce tracking](README.md#stage-2-bounce-tracking) under [this threat model](https://fedidcg.github.io/FedCM/#privacy-threat-model).
This is an **early exploration** of the design alternatives to address [bounce tracking](README.md#stage-2-bounce-tracking) under [this threat model](https://w3cping.github.io/privacy-threat-model/).

This section goes over the **what** and the **how**. It presuposes that you have read and started from:

- The **why**: the [problem statement](problem.md) and the [motivations](https://fedidcg.github.io/FedCM/#privacy-threat-model) and the [topology](activation.md) of the parties involved.
- The **why**: the [problem statement](problem.md) and the [motivations](https://w3cping.github.io/privacy-threat-model/) and the [topology](activation.md) of the parties involved.
- The **why not**: the [alternatives considered](alternatives_considered.md) (e.g. the [prior art](prior.md), the [status quo](alternatives_considered.md#the-status-quo) and the [requestStorageAccess API](alternatives_considered.md#the-request-storage-access-api)).

We'll then go over the [high-level overview](#high-level-design) and a breakdown into two smaller problems:
Expand Down Expand Up @@ -39,7 +39,7 @@ We'll go over each of these separately next.

The consumer API is the Web Platform privacy-oriented API that relying parties call to request information from a specific identity provider, to be used in replacement of the current redirect/popup affordances that are currently used.

From the perspective of [The Privacy Threat Model](https://fedidcg.github.io/FedCM/#privacy-threat-model), there are two notably distinct uses of federation:
From the perspective of [The Privacy Threat Model](https://w3cping.github.io/privacy-threat-model/), there are two notably distinct uses of federation:

* [signing-in](glossary.md#federated-sign-in) and
* [authorization](glossary.md#authorization)
Expand Down Expand Up @@ -128,7 +128,7 @@ Now that we looked at the surface area introduced for relying parties, lets turn

The purpose of the Provider API is to fulfill the invocation of [The Consumer API](#the-Consumer-api) by coordinating with the identity provider.

From the perspective of [The Privacy Threat Model](https://fedidcg.github.io/FedCM/#privacy-threat-model), the Provider API has a much wider set of choices and trade-offs:
From the perspective of [The Privacy Threat Model](https://w3cping.github.io/privacy-threat-model/), the Provider API has a much wider set of choices and trade-offs:

1. Because of the [classification problem](README.md#the-classification-problem), we want to prevent a tracker from abusing this API by impersonating an IDP to track users.
1. Because of the [RP tracking problem](README.md#the-rp-tracking-problem), we want to promote directed identifiers as much as we can.
Expand Down
4 changes: 2 additions & 2 deletions explorations/proposal.md
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ Notably, for cases where the IDP controls the deployment of the JavaScript runni
```javascript
// This is just a possible starting point, largely TBD.
//
// Note, this historical, see https://fedidcg.github.io/FedCM for the current API.
// Note, this historical, see https://w3c-fedid.github.io/FedCM for the current API.
//
let {idToken} = await navigator.credentials.get({
provider: 'https://accounts.example.com',
Expand All @@ -151,7 +151,7 @@ In this formulation, the triggering of the API works similarly as before, but th
```javascript
// This is just a possible starting point, largely TBD.
//
// Note, this historical, see https://fedidcg.github.io/FedCM for the current API.
// Note, this historical, see https://w3c-fedid.github.io/FedCM for the current API.
//
let {idToken} = await navigator.credentials.get({
provider: 'https://accounts.example.com',
Expand Down
4 changes: 2 additions & 2 deletions privacy_questionnaire.md
Original file line number Diff line number Diff line change
Expand Up @@ -107,8 +107,8 @@ resulting from browsing in incognito mode should be cleared once the user ends t

### 15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?

Security section is work in progress: https://fedidcg.github.io/FedCM/#security Privacy is discussed
more in depth: https://fedidcg.github.io/FedCM/#privacy
Security section is work in progress: https://w3c-fedid.github.io/FedCM/#security Privacy is discussed
more in depth: https://w3c-fedid.github.io/FedCM#privacy

### 16. Do features in your specification enable origins to downgrade default security protections?

Expand Down
2 changes: 1 addition & 1 deletion spec/index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Text Macro: TRUE <code>true</code>
Text Macro: RP Relying Party
Text Macro: IDP Identity Provider

Abstract: A Web Platform API that allows users to login to websites with their federated accounts in a privacy preserving manner.
Abstract: A Web Platform API that allows users to login to websites with their federated accounts in a privacy-preserving manner.

Test Suite: https://github.com/web-platform-tests/wpt/tree/master/fedcm
</pre>
Expand Down
Loading