Add list of FPWD critical issues (#623)

* Add list of FPWD critical issues List the issues that, cefore publication of the FPWD, the WG and CG identified to be considered before CR publication. * Update spec/index.bs Accept MT's changes Co-authored-by: Martin Thomson <[email protected]> * Update index.bs per 30 July WG call s/resolved/formally addressed/ * Add to issue list (#630) Additional issues per #623 (review) --------- Co-authored-by: Martin Thomson <[email protected]>
w3c-fedid · Aug 14, 2024 · 22ec66d · 22ec66d
1 parent 10794f7
commit 22ec66d
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/spec/index.bs b/spec/index.bs
@@ -2937,3 +2937,42 @@ Note: write down the Acknowledgements section.
   }
 }
 </pre>
+
+<!-- ====================================================================== -->
+# FPWD Issues # {#openissues}
+<!-- ====================================================================== -->
+Note: The WG has labeled the following issues as critical open issues that must be formally addressed before publication of a Candidate Recommendation.
+
+    <ul id="issueList">
+<ul><li>Issue 240: <a href="https://github.com/fedidcg/FedCM/issues/240">Users can't use IdPs outside of the ones enumerated by RPs</a></li>
+<li>Issue 317: <a href="https://github.com/fedidcg/FedCM/issues/317">concerns about email in Accounts List</a></li>
+<li>Issue 319: <a href="https://github.com/fedidcg/FedCM/issues/319">Allow multiple IDPs to be used</a></li>
+<li>Issue 320: <a href="https://github.com/fedidcg/FedCM/issues/320">Why Sec-FedCM-CSRF and not Sec-Fetch-Mode</a></li>
+<li>Issue 352: <a href="https://github.com/fedidcg/FedCM/issues/352">Share performance measurement with IDP</a></li>
+<li>Issue 407: <a href="https://github.com/fedidcg/FedCM/issues/407">[Context API] - Authz / relation to ability to specificy scope</a></li>
+<li>Issue 428: <a href="https://github.com/fedidcg/FedCM/issues/428">Enforce CORS on the Identity Assertions endpoint</a></li>
+<li>Issue 441: <a href="https://github.com/fedidcg/FedCM/issues/441">The IDP has to support additional infrastructure to support FedCM</a></li>
+<li>Issue 442: <a href="https://github.com/fedidcg/FedCM/issues/442">A not-yet logged in IDP has no route to success with this flow</a></li>
+<li>Issue 467: <a href="https://github.com/fedidcg/FedCM/issues/467">Use cases for Cross-Site Cookie Access through Storage Access API after FedCM grant?</a></li>
+<li>Issue 488: <a href="https://github.com/fedidcg/FedCM/issues/488">Users may be confused after showing intent to sign in but the sign-in is failed</a></li>
+<li>Issue 511: <a href="https://github.com/fedidcg/FedCM/issues/511">Allow signing in to additional account(s)</a></li>
+<li>Issue 517: <a href="https://github.com/fedidcg/FedCM/issues/517">Allow user agents to use "Connected Accounts Set" with flexibility</a></li>
+<li>Issue 537: <a href="https://github.com/fedidcg/FedCM/issues/537">Allow setting IDP login status from same-site subresources</a></li>
+<li>Issue 552: <a href="https://github.com/fedidcg/FedCM/issues/552">Allow IDPs to use multiple config files within an eTLD+1</a></li>
+<li>Issue 553: <a href="https://github.com/fedidcg/FedCM/issues/553">Allowing IDPs to expose different account lists in different contexts</a></li>
+<li>Issue 555: <a href="https://github.com/fedidcg/FedCM/issues/555">Allow IdPs to continue and finish the request in a popup window</a></li>
+<li>Issue 556: <a href="https://github.com/fedidcg/FedCM/issues/556">Passing arbitrary parameters to the ID assertion endpoint</a></li>
+<li>Issue 559: <a href="https://github.com/fedidcg/FedCM/issues/559">Allow RPs to selectively request attributes of the user's profile</a></li>
+<li>Issue 578: <a href="https://github.com/fedidcg/FedCM/issues/578">Allow IdPs to return JSON objects rather than Strings back to RPs</a></li>
+<li>Issue 585: <a href="https://github.com/fedidcg/FedCM/issues/585">Allow IdP registration and RPs to match on a "type"</a></li>
+<li>Issue 587: <a href="https://github.com/fedidcg/FedCM/issues/587">Why must SameSite=none?</a></li>
+<li>Issue 599: <a href="https://github.com/fedidcg/FedCM/issues/599">OAuth profile for FedCM</a></li>
+<li>Issue 609: <a href="https://github.com/fedidcg/FedCM/issues/609">Spec says we send SameSite=Strict cookies</a></li>
+<li>Issue 616: <a href="https://github.com/fedidcg/FedCM/issues/616">Once `params` are merged into the spec, deprecate the `nonce` parameter</a></li>
+<li>Issue 618: <a href="https://github.com/fedidcg/FedCM/issues/618">Support chained authentication flows before reducing heuristics and classifications/lists in navigational tracking mitigations</a></li>
+<li>Issue 620: <a href="https://github.com/fedidcg/FedCM/issues/620">Make it easier to deploy this at the eTLD+1 for registered IdPs</a></li>
+<li>Issue 625: <a href="https://github.com/fedidcg/FedCM/issues/625">Returning accounts go first in getUserInfo</a></li>
+<li>Issue 626: <a href="https://github.com/fedidcg/FedCM/issues/626">PP/TOS requirements are different from auto reauthentication</a></li>
+<li>Issue 627: <a href="https://github.com/fedidcg/FedCM/issues/627">Add webdriver command to open PP/TOS</a></li></ul>
+</body></html>
+