
"Developed within the W3C, FedCM aims to create a more privacy-preserving web by introducing a browser-native way to handle federated logins. A federated login occurs when one application delegates the login process to another application called an identity provider. The original impetus of FedCM was to provide federated login a better foundation with browser support. Rather than general purpose web primitives, like redirects, iframes,"
"While Google Chrome has pushed the decision about blocking third party cookies to the user, other browsers still block all or many third party cookies by default. With a focus on user privacy, as well as leveraging the native UI elements of a browser, FedCM intends to build a login experience significantly more consistent and secure as well as solve problems that couldn't be addressed without browser functionality. Such problems include when too many identity providers are available (the NASCAR flag problem"
FedCM is a W3C-proposed web API that provides a browser-native, privacy-preserving mechanism for federated logins. The API replaces flows based on redirects, iframes, and third-party cookies with native browser UI and primitives to reduce cross-site tracking and improve security. Chromium browsers implement the working-draft API, and vendor positions range from active review to non-opposition while the specification advances toward candidate recommendation. The API simplifies common developer tasks for typical web login flows and addresses usability issues such as excessive identity provider lists. FedCM aims to deliver a more consistent, secure, and frictionless federated authentication experience for end users.
Read at InfoQ