13K/ Browser API: Fedcom + VC + mDL?

From IIW

mDL + FedCM + VC-data-model = ?

Session Convener:

Notes-taker(s): Heather Flanagan (but the notes need fleshing out; tagging Kristina.Yasuda@microsoft.com)

Tags / links to resources / technology discussed, related to this session:

FedCM = https://github.com/fedidcg/FedCM

See also:




SIOP = https://openid.net/specs/openid-connect-self-issued-v2-1_0.html

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

What is FedCM? “The Federated Credential Management API aims to bridge the gap for the federated identity designs which relied on third-party cookies. The API provides the primitives needed to support federated identity when/where it depends on third-party cookies, from sign-in to sign-out and revocation.”

Hope to help fix some of the NASCAR problem.

Data formats? Browser is depending on the IdP to provide the id token. Browser has access to the cookies set by the authentication flow.

Where it might not be satisfying to the VC/mDL model: The RP has to name the IdPs. It’s also very OIDC-specific.

There is a separate proposal (isLoggedIn) that might be of interest

Does the IdP have to be involved? This may be where SIOP is of interest. It’s an open question as to whether FedCM would even be of use where SIOP is practical. Maybe when mediating when SIOPs?

See image(s) for these notes in the IIWXXXIV Book of Proceedings here: