-
e.g. an endpoint like `/api/v2/preload-list`
The goal would be for all major browsers, including Chrome, to pull the current list from that URL.
That way, the Chromium process doesn't introduce ad…
-
https://w3cping.github.io/privacy-threat-model/#high-level-threats currently starts with
> User agents should attempt to defend their users from a variety of high-level threats or attacker goals, d…
-
We can add more fingerprinting protection through farbling protections to Brave through the following:
(these changes would be in normal and aggressive settings)
- add a session-and-etld+1 deriv…
-
As mentioned in the last working group calls the current proposal does not support more complex federation scenarios well, i.e. scenarios where the IDP setup is more complex and does not rely on a sin…
-
Web application `RP1` and `RP2` offer sign in/sign up functionality for users of identity provider `IDP1`, using any of the following:
* any OpenID Connect flow
* any SAML flow
* any WS-Fed flow
…
-
Cookie や localstorage を経由して他のアーティファクトから展開されたサイトの~~中身~~状態が見えてしまう
-
While implementing a rough clone of Firefox for iOS's logins handling, I noticed that we don't support SQLite's `LIKE` operator for non-fulltext text searching. That's what we use in Firefox for iOS,…
gburd updated
4 years ago
-
Some identity providers (IDPs) want to show different sets of accounts in different contexts. For example, some relying parties (RPs) may want to filter out certain account types such as minors.
Th…
-
reading the manifest specifications more closely, the endpoints are all specified as relative URLs rather than full URLs (which is how the URLs are specified in the OIDC discovery docs)
This presum…
-
Is there any development still happening with this library? Chrome is reporting the following warning when trying to load the Scriptaculous script:
> _A parser-blocking, cross site (i.e. different …