WebID feedback

Alternatives Considered

Now that we have a deep understanding of (a) the problem and (b) the motivations and topology of the parties involved, let's look at some why-nots.

The Status Quo

A trivial alternative that is worth noting as a baseline is to "do nothing" and keep federation using low-level primitives like redirects and popups.

That seemed clear to reject based on:

From here, the next incremental step we could look at is the requestStorageAccess API.

The RequestStorageAccess API

The Document.requestStorageAccess() API grants first-party storage to cross-origin subframes. In conjunction with iframes, an IDP could expose its service via cross-site postMessage communication once first-party storage has been granted.
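The flow described above, sketched from the IDP's side of the iframe. This is an added example, not code from the explainer or from any IDP; the `rp.example` origin, the `idp:*` message types and the `readSession` helper are hypothetical, and the browser objects are passed in as parameters so the logic can be exercised outside a browser.

```javascript
// Constructed allowlist of relying parties permitted to embed this IDP frame.
const ALLOWED_RPS = new Set(["https://rp.example"]);

// Decide how to answer a postMessage from the embedding page.
// Returns { targetOrigin, body }, or null when the message must be ignored.
function handleRpMessage(event, state) {
  // Never answer an embedder that is not a known relying party.
  if (!ALLOWED_RPS.has(event.origin)) return null;
  if (!event.data || event.data.type !== "idp:get-session") return null;
  if (!state.hasStorageAccess) {
    // Without a grant the frame only sees partitioned or blocked storage.
    return { targetOrigin: event.origin, body: { type: "idp:needs-user-gesture" } };
  }
  return {
    targetOrigin: event.origin,
    body: { type: "idp:session", account: state.readSession() },
  };
}

// Wire the frame: doc = document, win = window, button = an element inside
// the iframe, readSession = hypothetical reader of the IDP's first-party state.
function installIdpFrame(doc, win, button, readSession) {
  const state = { hasStorageAccess: false, readSession };

  // requestStorageAccess() is called from a click handler because browsers
  // expect a user gesture; the promise rejects when access is denied.
  button.addEventListener("click", () => {
    doc.requestStorageAccess().then(
      () => { state.hasStorageAccess = true; },
      () => { state.hasStorageAccess = false; }
    );
  });

  win.addEventListener("message", (event) => {
    const reply = handleRpMessage(event, state);
    // Reply with an explicit target origin, never "*".
    if (reply) event.source.postMessage(reply.body, reply.targetOrigin);
  });

  return state;
}
```

In a page this would be called as `installIdpFrame(document, window, someButton, readSession)` inside the IDP's iframe.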

This approach has a couple of downsides:

From here, let's try to break down the problem into smaller parts.