search

w3c-fedid / FedCM

A privacy preserving identity exchange Web API
https://w3c-fedid.github.io/FedCM/
Other
383 stars 73 forks source link

User Info API vs. preventSilentAccess #645

Open johannhof opened 2 months ago

johannhof commented 2 months ago

In https://github.com/explainers-by-googlers/storage-access-for-fedcm/issues/1, we discussed how preventSilentAccess impacts Storage Access auto-grants from FedCM and decided that it seems safer to avoid exposing storage access after preventSilentAccess was invoked. This raised the question whether the User Info API should be exposed that way, and what our privacy threat model for FedCM is regarding the preventSilentAccess function.

@yi-gu @bvandersloot-mozilla @ekovac

johannhof commented 2 months ago

@hlflanagan can we tag this for TPAC, please? :)