OIDC Browser Interactions Special Topics Call
2021-04-07
Attendees
- Tim Cappalli (Microsoft Identity)
- Jared Hanson (Okta)
- Pam Dingle (Microsoft Identity)
- Don Thibeau (OIDF)
- Achim Schlosser (EnID)
- Brian Campbell (Ping)
- Vittorio Bertocci (Auth0)
- David Bantz
- Heather Flanagan
- Brock Allen
- Tony Nadalin
- Adam Lemmon
- Tom Jones
- John Bradley (Yubico)
Agenda
- Intros, reintros, agenda bash
- OIDF Workshop
- PWA Updates (Tom Jones)
- Volunteers for use cases
- Review submitted use cases
- Topics for next call
- Open Discussion
Notes
OIDF Workshop
- [Don] OIDF workshop will include a special session on this topic. Plans to have a joint session/discussion in the future (maybe W3C and Internet2), hopefully within a month.
- [Heather] targeting first half of May
- [Don] Progressive agenda based off this call's work. Google's OIDF board member has taken this as a task
Tom PWA Updates
- [Tom] Many balls in the air regarding web apps, difficult to make sense of them.
- [Tom] Would FPS actually work with thousands of domains?
- [Heather] In academia, MIT and Harvard as examples have a bunch of schools under the single uni name
- [Tom] *.mit.edu is valid FPS entry
- [Heather] HBS is hbs.edu
- [Tim] TAG Review Feedback on FPS
- [Achim] Higher level control of what is in an FPS due to potential for misuse
- [Achim] Also came up in ILI proposal
- [Tom] Site and origin are now used instead of domain in many of these proposals
Use Cases
- [Heather] Issues 13, 14, 15, 16, 20 are the most important
- [Vittorio] Teased out the list of issues that are tactical with Google team. Maybe just a prompt to the user instead of a new implementation.
- [Tom] Repros have been important in the past
- [Vittorio] Description of the use case should be enough to recreate. Start with the document and add repro potentially later. You should hint at this.
- [Tom] May be able to help out with issue 20
- [Heather] Anyone from FinTech?
- [Vittorio] PayPal, for example, doesn't expect to be part of distributed sign out
- [Vittorio] Don't describe how things break. Describe how it works.
- [Heather] Please read and review the existing PR
- [Heather] This one might be a good sample
Other Discussion
- [Tom] Can we get Apple involved?
- [Vittorio] Really only way to get them involved is via W3C
- [Tom] What about the ILI proposal? Can we tie it to session management?
- [Heather] Can we get Firefox into the public setting?
- [John] Mozilla hasn't really actively engaged with OIDF
- [Heather] Some information on the heuristics that Firefox is using to figure out what to allow and what to block: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/State_Partitioning & https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy#storage_access_grants
- [Achim] Lots of prompts from heuristics on Firefox
- [Heather] Firefox not happy with the user experience