This week our own David Hübner travelled to the US in as an advocate for the German research community to join a #REFEDS hackathon, and discuss the future of #3rdPartyCookies and their meaning for #SAML, #OIDC and #FedCM with browser vendors like @chrome

For more info on #FedCM check out https://fedidcg.github.io/FedCM/

Sam Goto from the Google #Chrome Team speaking now at the @w3c Credential Community Group about #FedCM (Eliminating Cross-Site Tracking) and its intersection with #CHAPI (i.e. Digital Wallet Selector Mechanism)

https://meet.w3c-ccg.org/weekly

#VerifiableCredentials #DigitalWallet

"The biggest mistake that I made was not understanding the asymmetric nature of the parties involved in identity" ~ Kim Cameron (#IIW Keynote in 2016)

Kim was a giant in the #digitalidentity ecosystem, not just for his technical brilliance but for his willingness to be open and collaborative in bringing disparate parties together. He is sorely missed!

Back in 2016, the organizers of IIW @Identitywoman, Doc Searls and Phil Windley asked Kim to give a keynote on the lessons learned from the "Laws of Identity" 10 years later https://www.identityblog.com/?p=1631

I was in that audience and there was a critical point that Kim made that remains highly relevant to the current conversation on #digitalwallets and #VerifiableCredentials.

There was no video or audio recording of the keynote, so I had to go back into the live-tweets from back in the day and piece that point together (see image)

The current discussions in the #VC/#DID ecosystem continues to ignore this point on asymmetric power relationships when it comes to the nature of who has the agency and decision authority regarding what #digitalwallet will be used and how that is choice is surfaced to them.

I absolutely believe that the choice should be in the hands of the individual and not be left in the hands of the Issuer (identity provider) or Verifier (Relying Party) via the use of the 21st century version of the NASCAR page, which is QR Codes on the Issuer or Verifier site -- for all the reasons noted by Kim in his keynote!

Which is why the conversation regarding the Credential Handler API (#CHAPI) and the #FedCM today at the @w3c is so important!

Details here @ https://lists.w3.org/Archives/Public/public-credentials/2022Dec/0052.html

Alright, time for a #introductionpost.

My name is Patrick. I work in #product at #google - more specifically on #privacy #security #trust #safety - you may have seen some of the products I get to work on with our globally distributed teams: #passwordmanager #autofill #payments #passkeys #fedcm .

I moved over to #Mastodon as many of you frustrated by its new, toxic leadership.

Outside of work, I'm a #dad of three, #climatewrangler as a local politician and councilman, #runner and #coffeeaddict

RT @rocaz@twitter.com

へー！ > Origin Trial

"Chromeのオリジントライアル入門 - Chrome Developers" https://developer.chrome.com/ja/docs/web-platform/origin-trials/

#fedcm

🐦🔗: https://twitter.com/rocaz/status/1539197368176095234

RT @ritou@twitter.com

#openid #technight #fedcm
宣伝してもいいですか？

FedCM入門 その1 ~ ID連携の課題とFedCMのアプローチ - r-weblife https://ritou.hatenablog.com/entry/2022/06/19/070000

🐦🔗: https://twitter.com/ritou/status/1539190433946796032

どうせブラウザだけで扱ってRPには渡されることのない情報なら、アカウントリストエンドポイントにはUID返して、トークンエンドポイントはPPID返せばいいのでは。
#openid #technight #fedcm

RT @ritou@twitter.com

Sec-FedCM-CSRF: ?1
さっきえーじさんがいってたヘッダーはこれです。
ブラウザがつけるもので、RPがIdPにクロスドメインとかで送ろうとしてもつかないよみたいな話。
#OpenID #Technight #FedCM

🐦🔗: https://twitter.com/ritou/status/1539213975761522688

RT @ritou@twitter.com

Sec-FedCM-CSRF: ?1
さっきえーじさんがいってたヘッダーはこれです。
ブラウザがつけるもので、RPがIdPにクロスドメインとかで送ろうとしてもつかないよみたいな話。
#OpenID #Technight #FedCM

🐦🔗: https://twitter.com/ritou/status/1539213975761522688

RT @ayokura@twitter.com

手元のAndroidのChromeでデモがちゃんとうごいたのでニコニコしてる
（demo のURLは https://developer.chrome.com/docs/privacy-sandbox/fedcm/ からもリンクされてたから公開して大丈夫のはず…！）

#OpenID #TechNight
#FedCM

🐦🔗: https://twitter.com/ayokura/status/1539194380384280577

これからOpenID TechNightでFedCMのお話をします。久々のオフライン（ハイブリッド）イベント、楽しみ #openid #technight #fedcm

RT @agektmr@twitter.com

Building a website that doesn't rely on passwords is becoming practical. Learn how you can prepare for it with my Google I/O session "A path to a world without passwords" #io22 #fido #fedcm #webotp
https://youtu.be/6vnQDn3AUbo

🐦🔗: https://twitter.com/agektmr/status/1525987235560009728

Building a website that doesn't rely on passwords is becoming practical. Learn how you can prepare for it with my Google I/O session "A path to a world without passwords" #io22 #fido #fedcm #webotp
https://youtu.be/6vnQDn3AUbo

RT @agektmr@twitter.com

Check out my Google I/O session video // A path to a world without passwords
https://www.youtube.com/watch?v=6vnQDn3AUbo
#io22 #io22jp #fido #passkey #fedcm

🐦🔗: https://twitter.com/agektmr/status/1524902966767255552

Check out my Google I/O session video // A path to a world without passwords
https://www.youtube.com/watch?v=6vnQDn3AUbo
#io22 #io22jp #fido #passkey #fedcm

My Google I/O session "A path to a world without passords" is now available to watch. https://io.google/2022/program/e3bb37a4-2723-4d72-a5b3-1a23abb94ac0/ #io22 #fido #passkeys #webauthn #fedcm #webotp

#FedCM spec URL is moved as the repository has been transferred to fedid cg. https://fedidcg.github.io/FedCM/

Federated Credential Management (f.k.a. WebID) HOWTO guide is updated. #FedCM #Identity // FedCM/HOWTO.md at main · WICG/FedCM · GitHub
https://github.com/WICG/FedCM/blob/main/explainer/HOWTO.md