OIDC Browser Interactions Special Topics Call
2021-05-05
Attendees
- Tim Cappalli (Microsoft Identity)
- Tony Nadalin
- Bjorn Hjelm (Verizon)
- Vittorio Bertocci (Auth0/Okta)
- Brock Allen
- David Waite (Ping)
- Heather Flanagan
- Sam Goto (Google/Chromium)
- Jared Hanson (Okta)
- Tom Jones
- John Bradley (Yubico)
- Edmund Jay
- Brian Campbell (Ping)
Agenda
- Intros, reintros, agenda bash
- Open discussion: Highlights from OIDF workshop or IIW
- Workshop updates (Heather)
- R&E Federation Updates (Heather / Tim / Vittorio)
- Review Front-Channel Logout Use Case
- Volunteers for use cases
- Topics for next call
- Open Discussion
Notes
Workshop updates
- {Heather} May 25/26 are still the targeted dates, but may change. Google, Microsoft and Facebook are all confirmed for participation. Still trying to get Apple and Mozilla involved. Go/No Go coming soon
R&E Federation Meeting
{Heather}
- Meeting was very well attended (60 people)
- Discussion around adding a new attribute to a cookie to clear on browser close
- {Vittorio} People asked: "Why are browsers preserving session on browser close?". Many apps want a persistent cookie so many will use persistent anyway.
- {Vittorio} Before engaging with HTTP folks at IETF, should discuss further with Scott and team
- {Heather} Having the tool in the toolbox would be helpful
- {Vittorio} SameSite is still draft at IETF. Seems some of these cookie attributes are born elsewhere.
- {Sam Goto} Each browser has their own process. Chrome uses this https://www.chromium.org/blink/launching-features. Intent to ship is the last call (often after a year of work). Intent to Experiment is a stronger signal where real users are exposed. TAG reviews happen here and also ask for other browser positions.
- {Vittorio} Something lower level like a cookie attribute
- {Sam Goto} should have been same process for SameSite https://groups.google.com/a/chromium.org/g/blink-dev/c/-unZxHbw8Pc
- {Heather} First time many folks understood that this wasn't just about 3P cookies, ex: link decoration. Hopefully will trigger more interest and engagement
Use Case Discussions
- {Heather} Multilateral SAML one doesn't touch on 3P cookies
- {Sam Goto} Concerned about premature generalization. Prefer a few well written ones
- {Vittorio} Scenarios are designed to have information in a way that's easy to be consumed
- {Heather} Trying to avoid suggesting solutions in these use cases
- {Sam Goto} Someone needs to look at the layers all the way through
- {Heather} would like to have some kind of pipeline for use cases