[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

[Neil Madden]

Looking at these slides again, and at the spec, does this even work to defeat tracking? The browser makes two requests to the IdP prior to getting consent from the user: 1. To lookup the accounts of the user (identifying the user) 2. To lookup the metadata of the client (identifying the RP).  Isn’t it rather trivial for a tracker posing as an IDP to correlate these two requests? The privacy considerations talk about IP addresses and timing ways to correlate, but there are plenty of others. — Neil On 8 May 2024, at 13:34, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:  Attached is the slide deck presented during this meeting. The following is a link to the meeting video recording: https://www.youtube.com/watch?v=cngVbSkEYL8 Regards,  Rifaat On Thu, Apr 25, 2024 at 1:01 PM Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote: OAuth WG Virtual Interim - FedCM The Web Authorization Protocol (oauth) WG will hold a virtual interim meetingon 2024-05-07 from 12:00 to 13:00 America/Toronto (16:00 to 17:00 UTC).Agenda:FedCM update and discussionhttps://fedidcg.gi   The Web Authorization Protocol (oauth) WG will hold a virtual interim meeting on 2024-05-07 from 12:00 to 13:00 America/Toronto (16:00 to 17:00 UTC). Agenda: FedCM update and discussion https://fedidcg.github.io/FedCM/ Information about remote participation: https://meetings.conf.meetecho.com/interim/?group=06583774-aede-401e-aa29-4ed8f23365b8 -- A calendar subscription for all oauth meetings is available at https://datatracker.ietf.org/meeting/upcoming.ics?show=oauth When Tuesday May 7, 2024 ⋅ 12pm – 1pm (Eastern Time - Toronto) Guests Rifaat Shekh-Yusef - organizer oauth@ietf.org View all guest info Reply for oauth@ietf.org Yes No Maybe More options Invitation from Google Calendar You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth <IETF-OAuthInterim24-FedCM.pdf> _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org