Browser changes and FedCM

Background:

FedCM ("A privacy preserving federated identity Web API" - quote from GitHub) is several browser vendors go at ensuring users can still use buttons for "Sign in with <third party IdP vendor>..." even as the privacy preserving practices around third party cookies etc. are rolled out - privacy practises that would inevitably break the current login pattern. This baseline will enable us to continue offering our R&E community federated access as long as we take part in its development, and adapt our communities critical software stacks.

Input/Requirements:

• The hackathon experience
• Participation from critical software stacks
• Participants to attend W3C to advocate for resolving any issues raised by R&E stacks

Output:

• Create a TL;DR, a recorded presentation (Geant), and include an initial resource center and find maintainers of the resource center. - Albert Wu Albert Wu Leif Johansson 
• A cadence of communications activities around FedCM in particular and browser changes in general focused on federation communities eg eduGAIN, CACTI/Internet2, etc. 
• Recommendations for how software developers /software stacks and federation operators implement and respond to Fed CM. – Leif J
• Common communication language for larger scale motivation of resources. - Chris P

TL;DR:

<technical shorts>

<proposed flow chart through API at this stage, can be updated as it is adapted>

Call to action:

This new approach to protect end user privacy that browsers are proposing appears to have significant impact to R&E federation access practices. If you have software, have your developers reviewed https://fedidcg.github.io/FedCM/? Are they aware of a hackathon planned in Feb to test R&E tools and provide the W3C with feedback? Have you considered business continuity effects for your systems, especially if your suppliers do not address the new browser controls? A REFEDS working group is proposed for 2023 workplan 2023 Work Plan Preparation.

Resources:

• ACAMP notes https://docs.google.com/document/d/1vKX4MNq1U85GRmKtJeg08IB3VlTrF3cPfWZJ7J24cI0/edit 
• Link to FedCM https://github.com/fedidcg/FedCM
• participation in W3C working group (slack channel in W3C for this community group) to support actual resolution committing technical issues

Zacharias Törnblom, Judith Bush

Chris Phillips Leif Johansson Leif Johansson Nicole Roy Alex Stuart Alan Buxey Adam Snook 

Judith Bush Anass CHABLI Alex Stuart Pål Axelsson Zacharias Törnblom 
+1 from SURF, with the note that we suggest the focus on the strategic level and the policy discussion, not (only) on the technical aspects

Alex Stuart Mario Reale Casper Dreef Guy Halse Albert Wu Adam Snook 

Comment from SURF: possibly first enhance MET to showcase the (meta)data instead on investing time on this topic 

Casper Dreef on behalf of the eduGAIN Steering Group

Pål Axelsson Alan Buxey Guy Halse Albert Wu 

MET (https://met.refeds.org/) is widely used. However the issues list is not being addressed and there are frequently operational issues with the service.

Proposal is to first facilitate the community of MET users to articulate their requirements for a MET service (including but not limited to issues on GitHub) and present some potential ways forward.

The REFEDS White Paper "Service Catalogues in a Federated Context" includes a proposal to consolidate the MET and eduGAIN metadata catalogues so this proposed work item may overlap with Anass CHABLI 's proposal for the work item above.

Matthew Slowe Matt Huckson Nicole Roy Alex Perez Mendez Adam Snook 

+1 from SURF on maintenance, in our view budget is the primary required resource for hiring a maintainer

Nicole Harris  Pål Axelsson