Digital Credentials API #332
Comments
|
Um, I think you mean "WebKit's standards position on the record". But yes, I believe we (WebKit) are supportive of this effort for the reasons you mentioned:
Unless anyone objects, I'd like to mark this as supportive in a week or so. |
|
Whoops, I'm sorry for the silly mistake. Yes of course, I'm only asking for WebKit's position 🙂. Corrected. |
marcoscaceres
added
concerns: interoperability
|
Although we are supportive, it's not without concerns - which I believe are broadly shared by the standards and wider community. AnnoyanceIf Verifiers too liberally grant sites the ability to request credentials, this API could become annoying to users as they will be constantly asked "paper's please?" (e.g., a drivers license) where autofill could have sufficed, or worse, where passing high-value credentials would normally be unnecessary. Further, although issuance is out of scope, issuance could become either an annoyance, or worse (a deliberate) burden to users, where Verifiers abuse their power. For example, having to physically go to a government agency to request a digital credential. InteroperabilityIf the spec doesn't nail down the request format(s), there is a real risk of interop issues with either badly designed request formats, or overly specific or proprietary request formats needing to be supported by wallets or platforms. The bar should be set fairly high for what formats the API supports. SecurityFollowing on from the above, passing arbitrary request content to wallets or the OS should be considered a non-starter. The community should work towards very well specified requests and response data structures for the API. PrivacyThis API has the potential to pull high-value government-issued certified credentials (drivers licenses, passports, etc.) from the browser - so the upmost care needs to be taken that credentials are never passed to unintended parties. There is also making sure that each party involved cannot collude to reveal who is using what credential for what purpose (e.g., government shouldn't know which person purchased an age restricted item or accessed an age restricted website, although the credential may be required to purchase or access a particular service). VenueOn parallel to incubation, the spec needs to find a home at the W3C somewhere. |
marcoscaceres
added
venue: WICG
|
Thanks Marcos. Perhaps it's worth noting that we (Chrome team) share almost all of those concerns. The one place I think we disagree is around security. We believe that without the flexibility to control the format, issuers and wallets will just continue to rely on sending arbitrary data through other (less secure) means like custom schemes and/or their own network connection (eg. it's common for bank apps in Europe to just get a push notification initiated by a checkout flow on a web page). So we see this API more like the Web Share API as an API specifically for communicating arbitrary data to native apps in a way the user and user agent can at least reason about somewhat. While we consider the request to be "arbitrary", we do plan to tailor our security and privacy mitigations based on the contents of the request (not something we can do with the alternative when the request is flowing out-of-band). Anyway, we should keep having this debate in the WICG group. I just wanted to note here for the record that it's an outstanding point of disagreement. |
|
Update on Venue: We also made strides on the OpenID / request format. |
|
Recording that Mozilla's position is up - currently "negative". |
WebKittens
@marcoscaceres @hober
Title of the spec
Digital Credentials
URL to the spec
https://wicg.github.io/digital-credentials/
URL to the spec's repository
https://github.com/WICG/digital-credentials
Issue Tracker URL
No response
Explainer URL
https://github.com/WICG/digital-credentials/blob/main/explainer.md
TAG Design Review URL
No response
Mozilla standards-positions issue URL
mozilla/standards-positions#1003
WebKit Bugzilla URL
https://bugs.webkit.org/show_bug.cgi?id=268516
Radar URL
rdar://problem/122053716
Description
We've been working together for some time on this space, starting with WebKit's first proposal for an mdoc explainer, so I assume WebKit is supportive in some capacity. But we're getting close to doing an intent-to-prototype in Chromium and so I wanted to get WebKit's official standards position on the record. Thanks!
The text was updated successfully, but these errors were encountered: