Status of FPWD‐identified Issues

This is a tracking list of issues the WG labeled as critical open issues during the FPWD process that must be formally addressed before publication of a Candidate Recommendation.

Issue	Stage	Action / Meeting
Issue 428: Enforce CORS on the Identity Assertions endpoint	2	See PR 547
Issue 537: Allow setting IDP login status from same-site subresources	2	See PR 538
Issue 442: A not-yet logged in IDP has no route to success with this flow – Active Mode	1	Proposing to Advance to Stage 2
Issue 555: Allow IdPs to continue and finish the request in a popup window – Continuation API	1	Proposing to Advance to Stage 2
Issue 511: Allow signing in to additional account(s)	1	Proposing to advance to Stage 2
Issue 552: Allow IDPs to use multiple config files within an eTLD+1	1	Proposing to advance to Stage 2
Issue 488: Users may be confused after showing intent to sign in but the sign-in is failed	1	Proposing to Advance to Stage 2
Issue 319: Allow multiple IDPs to be used	1
Issue 467: Use cases for Cross-Site Cookie Access through Storage Access API after FedCM grant? – SAA Auto-grant	1	Proposing to Advance to Stage 2
Issue 517: Allow user agents to use "Connected Accounts Set" with flexibility	1	Proposing to Advance to Stage 2
Issue 352: Share performance measurement with IDP	1	Proposing to advance to Stage 2
Issue 407: [Context API] - Authz / relation to ability to specify scope	1	Proposing to Advance to Stage 2
Issue 320: Why Sec-FedCM-CSRF and not Sec-Fetch-Mode
Issue 240: Users can’t use IdPs outside of the ones enumerated by RPs — IdP Registration	1
Issue 441: The IDP has to support additional infrastructure to support FedCM – Lightweight	1
Issue 317: concerns about email in Accounts List	0	Proposal to move to Stage 1
Issue 553: Allowing IDPs to expose different account lists in different contexts	0
Issue 556: Passing arbitrary parameters to the ID assertion endpoint	0
Issue 559: Allow RPs to selectively request attributes of the user’s profile	0
Issue 578: Allow IdPs to return JSON objects rather than Strings back to RPs	0
Issue 585: Allow IdP registration and RPs to match on a "type" – IdP Registration	0
Issue 587: Why must SameSite=none?	0
Issue 599: OAuth profile for FedCM	0
Issue 609: Spec says we send SameSite=Strict cookies	0
Issue 616: Once params are merged into the spec, deprecate the nonce parameter	0
Issue 618: Support chained authentication flows before reducing heuristics and classifications/lists in navigational tracking mitigations	0
Issue 620: Make it easier to deploy this at the eTLD+1 for registered IdPs	0
Issue 625: Returning accounts go first in getUserInfo	0
Issue 626: PP/TOS requirements are different from auto reauthentication	0
Issue 627: Add webdriver command to open PP/TOS	0