Difference between revisions of "Browser Identity Interactions"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Context)
Line 6: Line 6:
 
* This protocol worked its magic by a method now known as front-channel even though that term does not appear in the [[OpenID Connect]] spec.
 
* This protocol worked its magic by a method now known as front-channel even though that term does not appear in the [[OpenID Connect]] spec.
 
** Front channel communications relies on communications from the IdP to the RP to flow through the user's browser, rather than the back channel flow directly between the Idp and RP.
 
** Front channel communications relies on communications from the IdP to the RP to flow through the user's browser, rather than the back channel flow directly between the Idp and RP.
 +
** The problem occurs when the RP and IdP are not in the same domain (or origin see wiki page [[]] for descriptions of those terms.
 
* The password manager (PM) is a pluggable feature in the browser. Generally the HTTP hooks are standardized, but the manager itself does not appear to be.
 
* The password manager (PM) is a pluggable feature in the browser. Generally the HTTP hooks are standardized, but the manager itself does not appear to be.
 
** The PM can recognize when a user has been at a site before and that the site is asking for a user name and password.
 
** The PM can recognize when a user has been at a site before and that the site is asking for a user name and password.

Revision as of 09:04, 3 June 2021

Full Title or Meme

The full range of Browser Identity Interactions from the initial identity creation to large scale federation interactions.

Context

  • The OpenID Connect protocol was the first major successful method to create Single Sign On functionality in commonly available browsers.
  • This protocol worked its magic by a method now known as front-channel even though that term does not appear in the OpenID Connect spec.
    • Front channel communications relies on communications from the IdP to the RP to flow through the user's browser, rather than the back channel flow directly between the Idp and RP.
    • The problem occurs when the RP and IdP are not in the same domain (or origin see wiki page [[]] for descriptions of those terms.
  • The password manager (PM) is a pluggable feature in the browser. Generally the HTTP hooks are standardized, but the manager itself does not appear to be.
    • The PM can recognize when a user has been at a site before and that the site is asking for a user name and password.

Problems

  • The use of third party cookies to track the user from the RP to the IdP is the same method used by advertisers to track user behavior on the Web.
  • The browsers all block some use of third party cookies in 2020 and are set to soon block all use of third party cookies.
  • Most of the money made on the web is through advertising. Companies like Google cannot afford the loss of their primary revenue stream.

References