GitHub - w3c-fedid/FedCM: A privacy preserving identity exchange Web API
Skip to content

w3c-fedid/FedCM

Repository files navigation

FedID CG Federated Credentials Management

This is the repository for the W3C's FedID CG Federated Credentials Management API.

Explainer: explainer.md

Work-in-progress specification: https://w3c-fedid.github.io/FedCM/

Introduction

As the web has evolved there have been ongoing privacy-oriented changes (example) and underlying privacy principles. With those changes some underlying assumptions of the web are changing. One of those changes is the deprecation of third-party cookies. While overall good for the web, third-party cookie deprecation leaves holes in how some existing systems on the web were designed and deployed.

Federated Credentials Management API aims to fill the specific hole left by the removal of third-party cookies on federated login. Historically this has relied on third-party cookies or navigational redirects in order to function as they were the primitives provided by the web.

The explainer and spec provide a potential API and the rational behind how that API was designed.

Contributing

Much of the FedCM specification has evolved due to the experimentation detailed in the explorations. The explorations documents give a good overview of the why of the FedCM API. Please read over the documents to understand how the current API has evolved.

There are several ways to contribute to the Federated Credential Management API.

  • If you're an interested party and have potential requirements, they can be submitted to the IDBrowserUseCases repository. There are also discussions ongoing in the Fed-ID CG about the various use cases.

  • If you'd like to try out the current demo of the FedCM API you can follow the HOWTO document.

  • If you're an Identity Provider, there are two sides of the implementation that will be needed and any feedback on either side is appreciated.

    1. The Identity Provider API describes the manifest and API needed server side.
    2. The Browser API describes the JavaScript interface to FedCM which will need to be utilized.
  • If you're a Relying Party (i.e. website) and would like to test the changes out we'd appreciate feedback, you'll need to do something similar to the HOWTO.md to setup a fake IDP which can serve the needed JavaScript. (Until an IDP provides first party JavaScript to work with FedCM this integration will be tricker). You can also review the demo provided by the HOWTO and take a look at the Relying Party API to see what is needed on the RP side.

Code of Conduct

This group operates under W3C's Code of Conduct Policy.