Formulate response to WebID / IsLoggedIn proposals
Issue #1197
closed
Google’s WebID proposal is looking to tacking 4 core “issues” for users leveraging browsers to navigate the web:
- Block/separate advertising bounce tracking from identity federation flows
- Prevent RP collusion leveraging globally correlateable identifiers shared by the IDP
- Prevent IDPs knowing where the user is logging in before the user actually authenticates
- Separate Authentication flows from authorization flows as many web use cases just require authentication
Apple’s IsLoggedIn proposal is looking to enable the browser to intermediate identity flows and manage a bit for whether the user is logged in.
Comments (7)
-
-
We can continue discussing here as well as in the special calls.
-
Agenda for first special topic call
-
-
assigned issue to
Tim Cappalli
-
assigned issue to
-
- changed status to open
-
OpenID Connect people are significantly engaged in what’s evolved from these proposals in the W3C. I suggest that we close this issue on that basis.
-
- changed status to closed
On the 26-Aug-24 Connect working group call, George suggested that this be closed as having been overcome by events. These efforts are now part of the FedCM work.
- Log in to comment
I would like to rephrase
3. Prevent IDPs knowing where the user is logging in before the user consents.
I know Geo & I disagree, but I think user consent is ALWAYS required here.
nb. user consent can be cached.