Episode 037: 08‐08‐2024 The Rise of Browser Identity APIs - GluuFederation/identerati-office-hours GitHub Wiki
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Sam Goto, Senior Staff Software Engineer - Google Chrome
Description
In the last few years, there have been a number of new browser APIs proposed and implemented that assist developers to authenticate people or establish identity. This talk will discuss a few of these, like WebAuthn, WebOTP, FedCM, DBSC and the Digital Credentials API.
Homework
Takeaways
- Current federated identity standards use the built-in capabilities of the browser, like cookies, iframes and redirects, to solve identity challenges. By adding new built-in browser capabilities, we could build even better identity solutions. In the homework, Sam calls attention to five such new browser APIs.
- The W3C FedCM API in particular envisions a purpose-built API for federated identity. Using it, we could perhaps solve intractable problems like logout. We could also factor out the needed identity features from the despised tracking cookies. Identity standards would have to make use of these new browser features.
- It takes a long time for the browser community to arrive at consensus and implement new features. Even if you have a great idea, it might take a decade to come to fruition!
- Adoption by the browser makes a feature available to a huge audience. For identity solutions, that means a possible path to network economies of scale. Anyone can extend the browser via plugins, but default features are what create ubiquitous adoption.