Open philsmart opened 3 months ago
In Chrome's implementation it is currently same-origin. It seems fine to change it to same-site.
So if the university had an identity proxy that redirects authentication to their IDP, the university hospital's IDP, and three different labs/foundations at https://oneuni.university.ac.uk/fedcm/config.json, the registration for both the university and the proxy could be done at https://welcome.university.ac.uk, but if the hospital's IdP were at http://idp.unihospital.ac.uk the registration button would be elsewhere.
I think this would be great (supporting a same site registration capability) because it could bring many intermediary systems under one point of registry.
IdP registration is currently same-origin, I believe. With the relaxation of the login status API to using same-site over same-origin (https://github.com/fedidcg/FedCM/pull/538), I wondered if the same relaxation would benefit IdP registration. That is, for example, a University welcome page at https://welcome.university.ac.uk (or even https://www.university.ac.uk) could include a button (or something) that could register https://idp.university.ac.uk/fedcm/config.json as an Identity Provider.

Or you already can, and I am being dumb.
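
Added example, not part of the thread or of any FedCM implementation: it classifies the registering page against each IdP config URL mentioned above and shows which registrations a same-origin policy and a same-site policy would permit. It assumes schemeful same-site (scheme plus registrable domain); the function names, the public-suffix subset and the `/fedcm/config.json` path on the hospital host are constructed for illustration.

```javascript
// Added example. PUBLIC_SUFFIXES is a constructed subset of the Public Suffix
// List covering only the hosts in this thread; a real check needs the full list.
const PUBLIC_SUFFIXES = new Set(["uk", "ac.uk"]);

// Registrable domain (eTLD+1): the longest matching public suffix plus one label.
// Returns null when the host is itself a suffix or no suffix in the subset matches.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Hypothetical helper: relation between the registering page and the IdP config URL.
function relation(pageUrl, configUrl) {
  const page = new URL(pageUrl);
  const config = new URL(configUrl);
  if (page.origin === config.origin) return "same-origin";
  // Schemeful same-site: scheme and registrable domain must both match.
  if (page.protocol !== config.protocol) return "cross-site";
  const a = registrableDomain(page.hostname);
  const b = registrableDomain(config.hostname);
  // No eTLD+1 to compare (e.g. localhost, IP literal): fall back to exact host match.
  if (a === null || b === null) {
    return page.hostname === config.hostname ? "same-site" : "cross-site";
  }
  return a === b ? "same-site" : "cross-site";
}

// Would registration be permitted under the policy ("same-origin" or "same-site")?
function registrationAllowed(pageUrl, configUrl, policy) {
  const r = relation(pageUrl, configUrl);
  return policy === "same-origin" ? r === "same-origin" : r !== "cross-site";
}

const page = "https://welcome.university.ac.uk/";
for (const config of [
  "https://welcome.university.ac.uk/fedcm/config.json", // constructed: same host as page
  "https://idp.university.ac.uk/fedcm/config.json",
  "https://oneuni.university.ac.uk/fedcm/config.json",
  "http://idp.unihospital.ac.uk/fedcm/config.json", // path is constructed
]) {
  console.log(config, "->", relation(page, config),
    "| same-origin policy:", registrationAllowed(page, config, "same-origin"),
    "| same-site policy:", registrationAllowed(page, config, "same-site"));
}
```

Because `ac.uk` is a public suffix, the site boundary is `university.ac.uk`, so the hospital's `unihospital.ac.uk` stays cross-site even under the relaxed policy.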