LGTM1. Note that "consensus in the WG" and "stage 2" are not terribly meaningful signals for the API owners. (Or at least, for me, when trying to fulfill my API owner duties.) We need to judge whether the specification proposed meets the requirements of the Blink process <https://www.chromium.org/blink/launching-features/#new-feature-prepare-to-ship>, which includes features like: is sufficiently detailed that a second implementation could implement; does not have any outstanding significant feedback or open issues; has received sufficient review; etc. In this particular case, until recently there was an outstanding negative review from a Gecko representative, so I wanted to delay LGTMing until that was cleared (which now it is).
Hopefully this perspective is helpful for future feature work, and I'm glad to hear the WG is working on streamlining the process to make this smoother for you all. On Friday, November 15, 2024 at 12:11:28 AM UTC+9 Yi Gu wrote: > Hi Chris, > > Similar to the other I2S > <https://groups.google.com/a/chromium.org/g/blink-dev/c/4arGqVW6V_Y?e=48417069>, > > our team is working with the FedID Working Group for standard work. At TPAC > the proposals got the approval > <https://github.com/w3c-fedid/active-mode/issues/2#issuecomment-2379788096> > to > advance to stage 2 > <https://github.com/w3c-fedid/Administration/blob/main/proposals-CG-WG.md#stage-2-formalization>. > Since > then we brought the spec PRs to the WG calls a couple of times and people > are generally aligned. Since the WG is newly formed this year, the chairs > and members are collaborating to streamline procedures such as merging spec > PRs and we are in the middle of the process. > > Yi > > > > On Wed, Nov 13, 2024 at 11:27 AM Chris Harrelson <chris...@chromium.org> > wrote: > >> >> >> On Thu, Nov 7, 2024 at 2:37 PM Zachary Tan <tanzach...@chromium.org> >> wrote: >> >>> Contact emails >>> >>> y...@chromium.org, tanzach...@chromium.org, cbiesin...@chromium.org >>> >>> Explainer >>> >>> https://github.com/w3c-fedid/active-mode >>> >>> Specification >>> >>> Spec PR for the Mode API: https://github.com/w3c-fedid/FedCM/pull/660 >>> >>> Spec PR for the Use Another Account API: >>> https://github.com/w3c-fedid/FedCM/pull/678 >>> >> >> These spec PRs are still open, is there something blocking finishing and >> landing them? >> >> >>> Summary >>> >>> We intend to ship two new extensions for FedCM to address two issue that >>> were collectively identified as CR blockers >>> <https://github.com/w3c-fedid/FedCM/wiki/Status-of-FPWD%E2%80%90identified-Issues> >>> by >>> the FedID WG: “A not-yet logged in IDP has no route to success” >>> <https://github.com/w3c-fedid/active-mode/issues/2> and “Allow signing >>> in to additional account(s) >>> <https://github.com/w3c-fedid/FedCM/issues/511>”. >>> >>> To address this issue, we intend to introduce the following extensions >>> to FedCM: >>> >>> - Mode: The “active” mode allows websites to call FedCM inside a button >>> click (e.g. clicking on a “Sign-in to IdP” button), which requires FedCM to >>> guarantee it will always respond with a visible user interface (as opposed >>> to in “passive” mode, which doesn’t show any UI when users are logged out). >>> So, calling the FedCM API in “active mode” takes users to login to the >>> Identity Provider (IdP) when users are logged-out. Also, because the active >>> mode is called within an explicit user gesture, the UI is also more >>> prominent (e.g. centered and modal) compared to the UI from the passive >>> mode (which doesn’t require a user gesture requirement and can be called on >>> page load). >>> >>> - Use Other Account: With this extension, an IdP can allow users to sign >>> in to other accounts. >>> >>> In addition, the APIs are solving two related CR blockers >>> <https://github.com/w3c-fedid/FedCM/wiki/Status-of-FPWD%E2%80%90identified-Issues> >>> identified >>> <https://lists.w3.org/Archives/Public/public-fedid-wg/2024Jul/0006.html> by >>> the FedID WG. >>> >>> Feedback from Origin Trial: >>> >>> We ran the Origin Trial >>> <https://developer.chrome.com/origintrials/#/view_trial/2288391560657633281> >>> with >>> 30+ registrants. The feedback we got was positive. >>> >>> From the extension’s perspective, this proposal is sufficient >>> <https://github.com/w3c-fedid/active-mode/issues/2#issuecomment-2341644914> >>> to assist the users who are not signed in to their IdP when FedCM >>> extension is invoked. We also renamed the extension from “button” mode to >>> “active” mode to untie from certain UI affordances which was well >>> received >>> <https://github.com/w3c-fedid/FedCM/pull/660#issuecomment-2414525421> by >>> partners as well. >>> >>> From UX’s perspective, we have been iterating on the Chrome >>> implementation based on feedback to address potential usability issues and >>> provide users better context about their login. >>> >>> Blink component >>> >>> Blink>Identity>FedCM >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM> >>> >>> Search tags >>> >>> fedcm <https://chromestatus.com/features#tags:fedcm> >>> >>> TAG review >>> >>> https://github.com/w3ctag/design-reviews/issues/935 >>> >>> TAG review status >>> >>> Pending >>> >>> Chromium Trial Name >>> >>> FedCmButtonMode, FedCmUseOtherAccount >>> >>> Origin Trial documentation link >>> >>> >>> https://developers.google.com/privacy-sandbox/blog/fedcm-chrome-125-updates#button-mode-api >>> >>> WebFeature UseCounter name >>> >>> kFedCmButtonMode, kFedCmUseOtherAccount >>> >>> Risks >>> Interoperability and Compatibility >>> >>> Gecko: Not filing a standards position request for small additions at >>> the explicit request from Firefox (they prefer PRs). Positive on the >>> “active” mode based on TPAC discussions and GitHub issues >>> <https://github.com/w3c-fedid/active-mode/issues/2#issuecomment-2341644914> >>> . >>> >>> WebKit: No signal on the particular FedCM extensions. Positive >>> <https://github.com/WebKit/standards-positions/issues/309#issuecomment-2008324563> >>> on >>> the initial FedCM API. Standards position requests for FedCM extensions >>> have been merged >>> <https://github.com/WebKit/standards-positions/issues/309> so not >>> filing a new one. >>> >>> Web developers: Positive <https://github.com/fedidcg/FedCM/issues/442> >>> These >>> features are being developed to address existing feedback for the FedCM API. >>> >>> Other signals: N/A >>> >>> Activation >>> Similar to the FedCM API, we deliberately leave the bulk of the work to >>> the IdP to ensure that minimal RP change is needed. >>> >>> This feature, specifically, is one that can be currently controlled by >>> JS SDKs, so we expect activation to have a similar profile as FedCM: >>> immediately enabled to websites (without redeployment) by IdPs making use >>> of it (by redeploying their JS SDKs). >>> >>> Security >>> >>> The active mode shares all of the security properties from the passive >>> mode. e.g. honoring CSP, CORS, using security headers, not asking users to >>> type in the browser UI etc. >>> >>> It’s worth noting that the pop-up window has the same web platform >>> properties as what one would get with >>> window.open(url,””,”popup,noopener,noreferrer”)) that loads the login_url. >>> There's no communication between the website and this pop-up is allowed >>> (e.g. no postMessage, no window.opener). >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> Debuggability >>> >>> Same as FedCM in general – console messages in devtools and general JS >>> debugging. e.g. we show messages when transient activation is missing when >>> invoking an active mode, or when a passive flow is terminated in favor of >>> an active flow etc. >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? >>> >>> No, FedCM API is not available in WebView >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? >>> >>> Yes >>> <https://wpt.fyi/results/fedcm/fedcm-button-and-other-account?label=master&label=experimental&aligned&q=fedcm%2Ffedcm-button-and-other-account%2F> >>> >>> Flag name on chrome://flags >>> >>> FedCmButtonMode, FedCmUseOtherAccount >>> >>> Finch feature name >>> >>> FedCmButtonMode, FedCmUseOtherAccount >>> >>> Requires code in //chrome? >>> >>> True >>> >>> Tracking bug >>> >>> https://crbug.com/1490588, https://crbug.com/40939658 >>> >>> Launch bug >>> >>> https://launch.corp.google.com/launch/4348674 >>> >>> Sample links >>> >>> https://fedcm-button.glitch.me >>> >>> Estimated milestones >>> >>> Shipping on desktop >>> >>> 132 >>> >>> Origin trial desktop first >>> >>> 125 >>> >>> Origin trial desktop last >>> >>> 133 >>> >>> Origin trial extension 1 end milestone >>> >>> 130 >>> >>> Origin trial extension 2 end milestone >>> >>> 133 >>> >>> DevTrial on desktop >>> >>> 124 >>> >>> Shipping on Android >>> >>> 132 >>> >>> Origin trial Android first >>> >>> 128 >>> >>> Origin trial Android last >>> >>> 133 >>> >>> DevTrial on Android >>> >>> 125 >>> >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> >>> None >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/4689551782313984?gate=4942283999019008 >>> >>> Links to previous Intent discussions >>> >>> Intent to Prototype: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCPzJ1beiSbsmQqvu9x24zmf6LkGuup%3DgPVyXEx%2Bux9%3Dyg%40mail.gmail.com >>> >>> Intent to Experiment: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1745ebe7-6c98-49c7-9d98-94b25d39b409n%40chromium.org >>> >>> Intent to Extend Experiment 1: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/bQqXXv2S9q0/m/yHvhuFL3AQAJ >>> Intent to Extend Experiment 2: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCMPQ9s2hUR2UYuTTkRDra0qfjxBXA0bOme2baQGbPE6NA%40mail.gmail.com >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK9HhFkgmbC_UG8G5yYguB609UZY%3DV66qrJrVor3PdStbadY6g%40mail.gmail.com >>> >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK9HhFkgmbC_UG8G5yYguB609UZY%3DV66qrJrVor3PdStbadY6g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> > You received this message because you are subscribed to the Google Groups >> "web-identity-core" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web-identity-core+unsubscr...@google.com. >> To view this discussion visit >> https://groups.google.com/a/google.com/d/msgid/web-identity-core/CAOMQ%2Bw90Jj7RBzmjrrQFD274KthUpLLQ5u_XxvOxYHECzquxQQ%40mail.gmail.com >> >> <https://groups.google.com/a/google.com/d/msgid/web-identity-core/CAOMQ%2Bw90Jj7RBzmjrrQFD274KthUpLLQ5u_XxvOxYHECzquxQQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/a/google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "web-identity-xfn" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web-identity-xfn+unsubscr...@google.com. >> To view this discussion visit >> https://groups.google.com/a/google.com/d/msgid/web-identity-xfn/CAOMQ%2Bw90Jj7RBzmjrrQFD274KthUpLLQ5u_XxvOxYHECzquxQQ%40mail.gmail.com >> >> <https://groups.google.com/a/google.com/d/msgid/web-identity-xfn/CAOMQ%2Bw90Jj7RBzmjrrQFD274KthUpLLQ5u_XxvOxYHECzquxQQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/a/google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/aeca46bd-5aca-439e-a07d-95d6eea5f0b8n%40chromium.org.
