At TPAC, we discussed the future of this repository as well as privacycg/is-logged-in and I believe we reached an agreement that I'd like to record here.
Discussion
WebKit does not fully agree with the shape of the API as currently shipped in Chrome and was surprised this was shipped as-is. I don't think we discussed the full details of their concerns and will need to follow up on that (see next steps below).
Chrome / @samuelgoto currently only intends to use this signal as a self-declared low-trust method of informing whether or not to show FedCM UI.
@johnwilander wants to get a higher trust signal of actual user login state, with the intent to use this signal to inform potential relaxation in anti-tracking policies etc. (see privacycg/is-logged-in)
We all agree it would be wasteful to have two separate APIs given the underlying semantics "is user logged in" are very similar. We still think last year's decision to unify the APIs with different "trust levels" was a good decision.
Chrome / @johannhof does not oppose John's goals overall, but does not think that they're concrete enough to make a good WG work item. We'd like to understand what exactly is being proposed to have an opinion on it, i.e. how a trusted login status would be determined exactly, and which relaxations or other effects this signal would have.
Everyone agreed that it seems non-harmful to have the underlying infrastructure for this kind of mechanism available through FedCM's login status anyway.
Next steps
We will keep both repositories.
This repo in FedID will be used for working on the API itself, with a focus on FedCM but making sure that it is forward-compatible with potential high-trust signal work.
@johnwilander will join @samuelgoto as an editor and incorporate feedback from the WebKit team to ensure that we get to an interoperable state. TBC whether @bvandersloot-mozilla also wants to be an editor (it might not be necessary).
The repository in privacycg/is-logged-in will be renamed (name to-be-bikeshed, maybe privacycg/high-trust-login-signals ?) to clarify the current ambiguity.
Through that repo, @johnwilander will continue to work on the high trust signal idea in PrivacyCG, specifically what interoperable mechanisms could use this signal today. @johannhof is happy to collaborate and brainstorm. A potential use could be for Bounce Tracking Mitigations (cc @wanderview).
Can I please get a confirmation from @johnwilander @samuelgoto and @bvandersloot-mozilla that this is a good way forward (or possible corrections)?
cc @hlflanagan