Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should we pick a better name for this API? And if so, which? Or, do we like FedCM? #331

Closed
samuelgoto opened this issue Aug 22, 2022 · 3 comments

Comments

@samuelgoto
Copy link
Collaborator

samuelgoto commented Aug 22, 2022

We picked a name (FedCM) that was deliberately narrow/convoluted/technical to avoid the distraction of an un-necessary discussion.

As we approach broader availability (e.g. chrome origin trials, firefox prototyping it, etc) this seems like a good time to ask ourselves as a group if / whether / which name we'd like to use for this API (it gets harder to change as we go along).

Keeping our current name is a perfectly valid choice, but we figure it would be good for that to be a deliberately choice rather than unintentional.

We need to find some resolution, because we need to know what to call this and we'd like your input on this :)

Here are a few options that occurred to us (either option could work for us):

  1. Keep FedCM (which could be confused with this this one -- so not ideal)
  2. Pick another name (a few that occurred to us):
    • WebID: taken.
    • Federated Identity API
    • Web Identification API
    • Web Identity API
    • Identity Credential Management API
    • more ideas here
    • other ideas?

A few things to consider:

  1. We used FedCM before because we were subclassing the existing FederatedCredential interface, which we aren't anymore (for good reasons), so if we keep it there'll be technically two Federated Credential Management APIs: this one and this one.
  2. Because we had to avoid the subclassing, for better or for worse, we have, since then, created an IdentityCredential interface in the Credential Management spec and used Web Identity in a few places in the spec (e.g. the in the .well-known/web-identity configuration file). The more we delay on this decision, the more this will start to get baked into the API design and harder to change (because coordinating between multiple implementors is hard-er).
  3. WebID is already taken, we don't want to overload it
  4. The TAG advised us against Web Identity API (too broad), and would rather us use Web Identification API (which could work, specifically because it relates to Web Authentication in a complementary way)
  5. Should align with the TAG's Naming Design Principles
  6. It would be good to have something that aligns well with WebAuthn
  7. Here are some of the feature requests that we got from you all of you in the past (which we haven't committed to, but good to know how others see the API going forward)

This is a discussion about name, rather than scope: none of the spec scope is changing, we just need to finalize what to call the API under its existing scope defined in the spec.

I'm planning to drive some resolution on this issue at TPAC at the FedID CG, which should give people a few weeks to make suggestions here in preparation.

WDYT?

@timcappalli
Copy link

I like Federated Credential Management, but understand the concerns about the existing CredMan surface.

So I'd propose: Federated Identity Exchange API

@alextcone
Copy link

I suspect optics of the optics of “Identity Exchange” are not great.

@samuelgoto
Copy link
Collaborator Author

I'm going to close this as resolved, since we went with the status quo for the time being at least.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants