Presently any 3P website can query Chrome for tokens issued by a specific Issuer. This results in a couple of challenges:
An Issuer seeking to redeem its own tokens needs to compete with 3P websites to query for tokens before Chrome's per-site Issuer limit kicks in.
There is no way for an Issuer to prevent data leakage to arbitrary 3P websites about the fact that it issued tokens to a user.
There could be an extension that allows enumeration of permitted redeemers, with the default being any. Similar to first-party cookies, the browser could restrict token query and access to specified redeemers. Additionally, this could be a Related Website Set, which should provide more flexibility and simplicity in specifying redeemers.
Presently any 3P website can query Chrome for tokens issued by a specific Issuer. This results in a couple of challenges:
There could be an extension that allows enumeration of permitted redeemers, with the default being any. Similar to first-party cookies, the browser could restrict token query and access to specified redeemers. Additionally, this could be a Related Website Set, which should provide more flexibility and simplicity in specifying redeemers.