fedidcg/FedCM Issues

Last updated May 18, 2024, 5:48:35 AM UTC.

This repository doesn't have the Priority: Eventually label that's used to mark an issue as triaged without giving it an SLO. Until that's added, this summary uses heuristics to guess if each issue has been triaged.

39 out-of-SLO untriaged issues
3 issues on the agenda

Untriaged

Try to triage issues within 7 days. [ More Info ]

Issue	Title	Within SLO	On maintainers' plates for	Time left	Time past SLO
#5	Conceptual Scope w.r.t. OpenID Connect/OAuth 2.0	❌	4.1 years		4.1 years
#47	Leverage the common DID URI scheme and data format for IDs, ID resolution flows, and ID metadata/PKI responses	❌	3.4 years		3.4 years
#65	login fencedframes: exfiltration through show/hide signal?	❌	3.1 years		3 years
#83	delegation-oriented api requires "consequence-free" - must be free of entropy bits which could enable global tracking when IDPs and RPs collude	❌	2.9 years		2.9 years
#217	Clarify and specify the client id's returned as part of the account list	❌	2.2 years		2.2 years
#244	Resource Access 1.1.5 interaction model is vague	❌	2.1 years		2.1 years
#294	[Technical] Better specify AbortController support	❌	1.9 years		1.9 years
#312	Add note about PP / TOS	❌	1.9 years		1.8 years
#336	Validate that account_ids are unique	❌	1.7 years		1.7 years
#340	Disallow multiple get() calls at the same time	❌	1.7 years		1.7 years
#352	Share performance measurement with IDP	❌	1.6 years		1.6 years
#359	Add brief section for root manifest (near "Manifest" section)	❌	1.6 years		1.6 years
#360	Rename manifest mentions	❌	1.6 years		1.6 years
#364	spec mentions that 'nonce' is always included in token POST parameters	❌	1.6 years		1.6 years
#366	Reject simultaneous caller in the iframe case	❌	1.6 years		1.6 years
#371	API should be disabled in Fenced Frames	❌	1.6 years		1.5 years
#384	Add non-normative note about compromised renderer	❌	1.4 years		1.4 years
#386	FedCM issues	❌	1.4 years		1.4 years
#387	Remove language referring to sign-up and sign-in, amplify in browser state machine	❌	1.4 years		1.4 years
#407	[Context API] - Authz / relation to ability to specificy scope	❌	1.3 years		1.3 years
#440	Multiple IDP support requires patching the HTML spec	❌	1.3 years		1.2 years
#441	The IDP has to support additional infrastructure to support FedCM	❌	1.3 years		1.2 years
#469	Align on user flow for initial and returning FedCM prompts	❌	1 year		1 year
#487	Erroneous link to JSON object in automation section of spec	❌	10.3 months		10 months
#493	Should clearing IDP state also clear RP state?	❌	9.2 months		9 months
#495	Should getUserInfo() use an IdentityProviderConfig?	❌	8.8 months		8.6 months
#499	Validate urls once the config fetch occurs	❌	8.5 months		8.3 months
#537	Allow setting IDP login status from same-site subresources	❌	4 months		3.8 months
#540	Evaluate string types in the spec	❌	3.7 months		3.5 months
#550	Mention SameSite cookies in accounts fetch	❌	2.2 months		2 months
#552	Allow IDPs to use multiple config files within an eTLD+1	❌	1.5 months		1.2 months
#553	Allowing IDPs to expose different account lists in different contexts	❌	1.5 months		1.2 months
#559	Allow RPs some control over the Disclosure Prompt	❌	1.1 months		3.6 weeks
#563	FedCM for Research and Education	❌	2.6 weeks		1.6 weeks
#564	FedCM 4 R&E: Filtering IdPs	❌	2.6 weeks		1.6 weeks
#565	FedCM 4 R&E: Technical Considerations	❌	2.6 weeks		1.6 weeks
#566	FedCM 4 R&E: Organization Chooser / WAYF	❌	2.6 weeks		1.6 weeks
#567	Requesting permission for ability to display RP icon, human readable RP name or human readable IDP name	❌	2.2 weeks		1.2 weeks
#575	Allow showing the widget UI for logged-out users	❌	1.2 weeks		2 days
#587	Why must SameSite=none?	✔	12 hours	0.9 weeks
#589	Relax the mimetype check of the .well-known/web-identity file	✔	10 hours	0.9 weeks
#590	Add `interaction_required` error response	✔	8 hours	1 week

Agenda

Try to maintain fewer than 25 agenda items and discuss issues on the agenda within 35 days. [ More Info ] [ See these issues on Github ]

Issue	Title	Within SLO	On the agenda for	Time left
#559	Allow RPs some control over the Disclosure Prompt	✔	4.2 weeks	5 days
#240	Allow IDP registration	✔	2 days	1.1 months
#319	Allow multiple IDPs to be used	✔	2 days	1.1 months