- Created by Heather Flanagan, last modified by Zacharias Törnblom on Sep 29, 2023
This is our focus
As browsers continue to threaten the cross-site methods used in authentication protocols to fight navigational tracking, we see that R&E community investment in testing these changes as a way to have a strong influence in the evolution of these changes. The two issues currently unaddressed are IdP picking from a list – and the massive scale they need to support for our in our community, – and the hops that are implemented in many authentication flows involving hub federations, federated proxies, and proxies bridging non-compliant IdPs into the federation.
Overview
FedCM ("A privacy preserving federated identity Web API" - quote from GitHub) is several browser vendors go at ensuring users can still use buttons for "Sign in with <third party IdP vendor>..." even as the privacy preserving practices around third party cookies etc. are rolled out - privacy practises that would inevitably break the current login pattern. This baseline will enable us to continue offering our R&E community federated access as long as we take part in its development, and adapt our community's critical software stacks.
This new approach to protect end-user privacy that browsers are proposing appears to have a significant impact on R&E federation access practices. If you have software, have your developers reviewed https://fedidcg.github.io/FedCM/? Are they aware of a hackathon planned in Feb to test R&E tools and provide the W3C with feedback? Have you considered business continuity effects for your systems, especially if your suppliers do not address the new browser controls?
Meetings
Since September 2023, for the sake of longevity of the REFEDS group, we send out invitations to meetings as needed, see Meetings.
We gather on eduGain Slack (#fedcm) throughout the week and collect our weekly thoughts on Thursdays.
If you have joined the W3C community group, their meetings are weekly on Mondays, with occasional time changes for Asia Pacific participation: Calendar
Deliverables
- Create a TL;DR, a recorded presentation (Geant), and include an initial resource center and find maintainers of the resource center. - Albert Wu Albert Wu Leif Johansson
- A cadence of communications activities around FedID CG in particular and browser changes in general focused on federation communities eg eduGAIN, CACTI/Internet2, etc.
- Recommendations for how software developers /software stacks and federation operators implement and respond to Fed CM. – Leif J
- Common communication language for larger scale motivation of resources. - Chris P
Events
- TNC lightning talks
- TNC side meeting Thursday, 8 June @ 08:30-10:30 in the Vienna room of the Rogner Hotel.
- TNC's REFEDS meeting: short report
- TechEx Sept. 18-22 in Minneapolis, Minn. : proposal accepted
- IIW October
Terms
The following terms apply to all REFEDS Working Groups:
- When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
- A chair for the group is chosen from the REFEDS Participants.
- GÉANT provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
- An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
- When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
- After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work or occasionally submitted as an Internet Draft.
Resources
Communication
- Mailing list and its archives
- Slack: eduGAIN#fedcm
W3C resources
- Federated Identity Community Group
- SEE THIS PAGE
- calendar
- mailing list archive
- Slack: W3C#Federation
- FedCM https://github.com/fedidcg
- There are directories in one repository that mirror other repositories. Not clear on usage patterns.
- https://github.com/w3c/fedidcg - obsolete "...archived by the owner on Feb 28, 2023. It is now read-only. "
- There are directories in one repository that mirror other repositories. Not clear on usage patterns.
Industry resources
- OASIS discussion April 2023
- Google Privacy Sandbox
Child pages
- Chained Authentication Demos
- Testing and experimenting with FedCM
- State of browser privacy evolution
- Engagement with W3C FedID CG
- Slides, blogs, and videos
- Meetings
- Hackathon 2023-02-28 and 2023-03-01
2023 Conference and other resources
- TechEX session and Unconference
- TNC Side meeting
- Hackathon 2023-02-28 to 03-01
- Legacy proposal
- Legacy proposal
- IIW Side meeting notes
2022 Conference resources
- ACAMP notes https://docs.google.com/document/d/1vKX4MNq1U85GRmKtJeg08IB3VlTrF3cPfWZJ7J24cI0/edit
- Internet Identity Workshop proceedings
- Session #2 "FedCM 101"
- Session #4 "IdP Discovery and FedCM"
- Session #7 "Mapping FedCM to OIDC capabilities"
- Session #8: "CHAPI + FedCM: Wallet > selection"
- No labels