Hi Yi, Is this a request for an Origin Trial, or are you requesting to ship for some percentage of Stable users?
On Wednesday, February 15, 2023 at 9:28:14 PM UTC-5 Yi Gu wrote: > Contact emails > > > *y...@chromium.org <y...@chromium.org>*Explainer > > > *https://github.com/fedidcg/FedCM/issues/429 > <https://github.com/fedidcg/FedCM/issues/429>*Summary > > > *An extension to the existing FedCM API that allows a website to provide > its preference for a streamlined UX (automatically, rather than explicitly, > re-authenticating the user) when their users return to them. The API design > requires that the preference is only respected for returning users, that is > if the user has previously and explicitly granted permission for the > Relying Party (RP) and Identity Provider (IdP) communication in the browser > through a FedCM call.*Blink component > > > *Blink > Identity > FedCM > <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EIdentity%3EFedCM&can=2>*TAG > > review > > *https://github.com/w3ctag/design-reviews/issues/813 > <https://github.com/w3ctag/design-reviews/issues/813>* > TAG review status > > > *Pending*Risks > Interoperability and Compatibility > > > > > > > > *Gecko: we have been actively working with Firefox > <https://github.com/fedidcg/FedCM/issues/429#issuecomment-1426162273>to > standardize this API. In general we are aligned on the feature itself. e.g. > auto re-authentication can provide streamlined UX without reducing privacy. > Meanwhile, there are some open questions about what API is more suitable to > achieve this goal. e.g. Firefox proposed to reuse the “mediation mode > <https://www.w3.org/TR/credential-management-1/#mediation-requirements>” in > Credential Management API which is a promising direction as well. We will > keep evaluating all the proposals and reach an alignment before > shipping.WebKit: No signal > <https://github.com/WebKit/standards-positions/issues/131> for “auto > re-authn” yet. Positive for the general FedCM API.No compatibility risk > from an API’s perspective. Auto re-authn is supported by adding a > new boolean to the existing FedCM API which is default to false (defaults > to the existing behavior).On cross-browser interoperability, because the > Auto re-authn API simply controls a UX preference suggested by the relying > party, the UA may choose not to respect it (for example, either across all > relying parties or through browser settings) and fallback to the existing > sign-in flow that requires an explicit user confirmation.Overall, this is a > small addition to the FedCM API, and as such mostly inherits the interop > and compatibility risks from that API. See > https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/E9pgS7GEBAAJ > > <https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/E9pgS7GEBAAJ> > > for the discussion.*Activation > > > > *Similar to the FedCM API, we deliberately leave the bulk of the work to > the IdP to ensure that minimal RP change is needed (no RP change is needed > for IdPs who have already supported similar flow). This feature, > specifically, is one that can be currently controlled by JS SDKs, so we > expect activation to have a similar profile as FedCM: immediately enabled > to websites (without any redeployment) by IdPs making use of it (by > redeploying their JS SDKs).*WebView Application Risks > > > > *N/A as this feature is not available on WebView.*Goals for > experimentation > > > > > *To learn whether the new streamlined re-authentication experience > performs well with users. We are planning to collect the following data > points: - number of successful re-authentication flows, - how often a user > may want to terminate the flow,- reasonable time for cooldown* > Debuggability > > > *Besides regular FedCM support, we show error messages stating why auto > re-authn is unavailable. *Will this feature be supported on all six Blink > platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? > > > *NoSimilar to FedCM API, we expect the feature to be available on all > platforms (Windows, Mac, Linux, ChromeOS and Android) except WebView.*Is > this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ? > > *Yes > <http://third_party/blink/web_tests/external/wpt/credential-management/fedcm-network-requests.https.html>. > (we’re > still working on making tests behave as intended on WPT.fyi)* > Flag name > > > *chrome://flags/#fedcm-auto-re-authn*Requires code in //chrome? > > > *True*Tracking bug > > > *You can track our progress here:https://crbug.com/1304404 > <https://crbug.com/1304404>*Launch bug > > > *https://launch.corp.google.com/launch/4229781 > <https://launch.corp.google.com/launch/4229781>*Estimated milestones > > > *M112*Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5108344837111808 > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b10558be-2529-4284-baa3-9ed45adc464fn%40chromium.org.
