OAuth WG Interim
Meeting - IsLoggedIn/WebID
November 2, 2020
Note taker: Seán
- Browser steps to limit tracking involve limiting
browser primitives (e.g. redirects, cookies, etc.), because the browser
doesn’t know if these primitives are being used for tracking.
- Silent refresh can neccesitate
the use of “interstitials” (“are you still logged in?”") when
using SameSite cookies
in order to keep ATs fresh.
- The “explainer” section is recommended reading.
- Some problems:
- ILI wants to wipe all data on logout, which
implicitly puts the user into the “untrusted” flow.
- “The untrusted flow is much more annoying to the
user than the trusted flow.”
- Should we attempt to influence the course of the
development of these initiatives?
- Browser vendors can have very strong and different
assumptions to us so it can be difficult to find common ground.
- Community groups (CGs) can drum up interest under
the umbrella of W3C, but hasn’t the capacity to
create standards; the next step is generally to create a new WG.
- The Privacy CG is where a fair slice of
the privacy issues and mechanisms are being discussed.
- The WICG is where the WebID API is being discussed.
- Are we open to collaborating with other members of
the identity community, remembering that we’re a subset of the identity
community, not the whole community. Consider
including OIDC and Kantara, for example.
- How could such a document be developed?
- Vittorio and George have been volunteered to lead
the document and are open to adding structure and framing of the
- The recommended development of the document is to
have different companies contribute their use cases and requirements, and
to then refine this.
- Advice from Sam Goto: To
approach the browser teams with an open mind - they’re mainly approaching
this from a privacy perspective.
- Vittorio: Overview of the current problems we’re
- George: Overview of the current proposals (WebID and ILI).
- Discourse on “discussion vs document”.
- Discussion on document process and goals.
- Justin Richer
- Hannes Tschofenig
- Rifaat Shekh-Yusef
- Brian Campbell
- Mike Jones
- Seán Kelleher
- Jeff Craig
- Yaron Sheffer
- Francis Pouatcha
- Vittorio Bertocci
- David Brossard
- Tim Cappalli
- Filip Skokan
- Sam Goto
- Janak Amarasena
- Mike O’Neill
- Anthony Nadalin
- Ken Buchanan
- Michael Knowles
- Aaron Parecki
- Senthalan Kanagalingam
- George Fletcher
- Roman Danyliw
- Jeff Hodges
- Sam Weiler
- Dick Hardt
- Majid Valipour
- Vladimir Dzhuvinov
- Cristofer Gonzales
- Yi Gu
- Daniel Rojas