Private State Token API

[dvorak42]

Request for position on an emerging web specification

Information about the spec

• Spec Title: Private State Token API
• Spec URL: https://wicg.github.io/trust-token-api/
• GitHub repository: https://github.com/WICG/trust-token-api

Design reviews and vendor positions

• TAG Design Review: https://github.com/w3ctag/design-reviews/issues/414
• Mozilla standards-positions issue: https://github.com/mozilla/standards-positions/issues/262

Anything else we need to know

The Trust Token is an implementation of an earlier version of privacypass as a method to allow websites to use privacy-preserving tokens. The initial shipped version will be shipping based on earlier privacypass technology, with plans to bring it into alignment with the standardized version of the protocol with a future revision.

[tfpauly]

Since iOS/macOS support what will be the standardized IETF version of privacy pass, I don't think we have any intent of supporting the older versions that trust token wraps up.

[dvorak42]

Putting aside the version of privacypass that Trust Token wraps, does Apple have a position on exposing these sort of tokens as a general token on the web that web-based attesters/issuers could issue and then redeem, versus the private access token approach where the attester is the device manufacturer/operator.

[dvorak42]

FYI: We've renamed this API and added a W3C spec document: https://wicg.github.io/trust-token-api/