Closed johannhof closed 5 months ago
I'm supportive of incubating this. It intuitively makes sense to me that an identity link opt in provides better UI/UX and FedCM already breaks the site privacy boundary.
The chairs discussed this and concluded that there was sufficient support to incubate. Consider this OK to start incubating into SAA. We'll defer to the editors on how they want to manage the details, but we can use https://github.com/privacycg/storage-access/issues/196 to track the effort.
Thanks Martin! We'll follow up with a PR on SAA. With regards to https://github.com/explainers-by-googlers/storage-access-for-fedcm, would you like me to move the explainer to this org?
Well, that's a different question. We'd appreciate having some explanation, so adding the document -- or its content -- to the existing storage access explainer(s) seems the right thing to do.
See https://github.com/privacycg/storage-access/issues/196, this was intended to live in FedID CG but chairs thought that because of the way it integrates with SAA it may actually be a potential PrivacyCG work item. Comment from https://github.com/privacycg/storage-access/issues/196:
In the FedID CG we have been https://github.com/fedidcg/FedCM/issues/467 the merits of autogranting Storage Access calls based on existing FedCM grants. Based on the positive reception of this idea we wrote up an explainer of how we think this should work from a technical perspective: https://github.com/explainers-by-googlers/storage-access-for-fedcm
Relevant for this specification is that instead of simply creating a new storage-access permission on a successful FedCM prompt, we'd update Storage Access to look at existing FedCM accounts connections to establish whether storage access can be granted without an additional prompt. Benefits to this include the ability to scope the grant to the privacy boundaries of FedCM, and avoiding two simultaneous permission grants for the user (agent) to manage.
This issue is tracking discussion and integration on the Privacy CG side.
cc @bvandersloot-mozilla @annevk @martinthomson @cfredric @hflanagan @samuelgoto @yi-gu