Formulate response to WebID / IsLoggedIn proposals
Issue #1197
open
Google’s WebID proposal is looking to tacking 4 core “issues” for users leveraging browsers to navigate the web:
- Block/separate advertising bounce tracking from identity federation flows
- Prevent RP collusion leveraging globally correlateable identifiers shared by the IDP
- Prevent IDPs knowing where the user is logging in before the user actually authenticates
- Separate Authentication flows from authorization flows as many web use cases just require authentication
Apple’s IsLoggedIn proposal is looking to enable the browser to intermediate identity flows and manage a bit for whether the user is logged in.
Comments (5)
-
-
We can continue discussing here as well as in the special calls.
-
Agenda for first special topic call
-
-
assigned issue to
Tim Cappalli
-
assigned issue to
-
- changed status to open
- Log in to comment
I would like to rephrase
3. Prevent IDPs knowing where the user is logging in before the user consents.
I know Geo & I disagree, but I think user consent is ALWAYS required here.
nb. user consent can be cached.