search

w3c-fedid / FedCM

A privacy preserving identity exchange Web API
https://w3c-fedid.github.io/FedCM/
Other
375 stars 72 forks source link

Should we pick a better name for this API? And if so, which? Or, do we like FedCM? #331

Closed samuelgoto closed 1 year ago

samuelgoto commented 2 years ago

We picked a name (FedCM) that was deliberately narrow/convoluted/technical to avoid the distraction of an un-necessary discussion.

As we approach broader availability (e.g. chrome origin trials, firefox prototyping it, etc) this seems like a good time to ask ourselves as a group if / whether / which name we'd like to use for this API (it gets harder to change as we go along).

Keeping our current name is a perfectly valid choice, but we figure it would be good for that to be a deliberately choice rather than unintentional.

We need to find some resolution, because we need to know what to call this and we'd like your input on this :)

Here are a few options that occurred to us (either option could work for us):

  1. Keep FedCM (which could be confused with this this one -- so not ideal)
  2. Pick another name (a few that occurred to us):
    • WebID: taken.
    • Federated Identity API
    • Web Identification API
    • Web Identity API
    • Identity Credential Management API
    • more ideas here
    • other ideas?

A few things to consider:

  1. We used FedCM before because we were subclassing the existing FederatedCredential interface, which we aren't anymore (for good reasons), so if we keep it there'll be technically two Federated Credential Management APIs: this one and this one.
  2. Because we had to avoid the subclassing, for better or for worse, we have, since then, created an IdentityCredential interface in the Credential Management spec and used Web Identity in a few places in the spec (e.g. the in the .well-known/web-identity configuration file). The more we delay on this decision, the more this will start to get baked into the API design and harder to change (because coordinating between multiple implementors is hard-er).
  3. WebID is already taken, we don't want to overload it
  4. The TAG advised us against Web Identity API (too broad), and would rather us use Web Identification API (which could work, specifically because it relates to Web Authentication in a complementary way)
  5. Should align with the TAG's Naming Design Principles
  6. It would be good to have something that aligns well with WebAuthn
  7. Here are some of the feature requests that we got from you all of you in the past (which we haven't committed to, but good to know how others see the API going forward)

This is a discussion about name, rather than scope: none of the spec scope is changing, we just need to finalize what to call the API under its existing scope defined in the spec.

I'm planning to drive some resolution on this issue at TPAC at the FedID CG, which should give people a few weeks to make suggestions here in preparation.

WDYT?

timcappalli commented 2 years ago

I like Federated Credential Management, but understand the concerns about the existing CredMan surface.

So I'd propose: Federated Identity Exchange API

alextcone commented 2 years ago

I suspect optics of the optics of “Identity Exchange” are not great.

samuelgoto commented 1 year ago

I'm going to close this as resolved, since we went with the status quo for the time being at least.