#813: FedCM Auto Re-authentication API
Discussions
2023-02-20
Hadley: [leaves comment about lack of explainer]
Amy: I think this is too early.. still going back and forth with group members on this in an issue. There's no privacy & security questionnaire.
2023-03-13
Hadley: we weren't happy with explainer - asked them for a proper explainer - they have not responded.
2023-06-12
Hadley: looked at in the Tokyo face to face. I'm not sure their reply addresses Peter's question. My main concern.. prevent silent access.. the site calling the browser after the user clicks sign out... sounds like credentials are still in the browser.. could there be ways to override that? On the other hand the browser as the UA is the place we've decided to trust for all this stuff anyway. So I think it's okay.
Peter: in SAML in a lot of implementations you can sign out of the RP without signing out of the IdP. You're just closing the session. So if you revisit the same app it auto-relogs you in.
Hadley: so you have multiple steps to sign out, that don't necessarily feel intuitive? That's not good for the user
Peter: in SAML there's the possibility that when you sign out of an app you can feed it upstream and sign it out of the IdP as well. And that can kill sessions of other RPs, but that's very rarely implemented. I don't know if this flow is an issue in FedCM. In my experience most users don't understand the difference between signing into an RP vs an IdP. If you're on a computer that isn't yours, in most cases people will think they have signed out but haven't. Concerned about people walking away from active sessions that they don't realise they're walking away from.
Hadley: I think that's worth making explicit
Peter: this might be addressed elsewhere in FedCM, don't want to add noise. Need more time - plenary.
2023-06-19
Amy: They've asked "since there's no new API should we close this review"?
Yves: and they've said they align with firefox.
set to proposed closing and bumped to f2f to close
Opened Feb 3, 2023
Wotcher TAG!
I'm requesting a TAG review of FedCM Auto Re-authentication API.
An extension to the existing FedCM API that provides a streamlined UX when users return to websites. The API requires that the user has already granted permission for the Relying Party (RP) and Identity Provider (IdP) communication in the browser through a previous FedCM call.
Further details:
You should also know that the initial FedCM TAG review is https://github.com/w3ctag/design-reviews/issues/718. We're requesting a review specifically on the addition: auto re-authentication.
We'd prefer the TAG provide feedback as (please delete all but the desired option): 💬 leave review feedback as a comment in this issue and @-notify @yi-gu
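The following is an added illustration and is not code from this review request or from the FedCM proposal. It sketches the relying-party side of the flow discussed in the minutes: the `navigator.credentials.get()` request in which the `mediation` option decides whether the browser may auto re-authenticate a returning user, and the sign-out step that calls `preventSilentAccess()` so that clearing the RP session does not leave the user silently re-signed-in on the next visit. The option names and the `preventSilentAccess()` semantics are taken from the Credential Management and FedCM specs as I understand them; the IdP config URL, client id and the in-memory `CredentialsContainer` stand-in are made-up placeholders so the example runs outside a browser.

```javascript
// Added example, not part of the TAG issue or the FedCM proposal.
// Relying-party (RP) side of a FedCM sign-in / sign-out flow, showing where
// auto re-authentication is enabled and where the RP switches it off.
// Placeholder values: the IdP config URL and client id are made up.
const IDP_CONFIG_URL = "https://idp.example/fedcm.json"; // placeholder
const CLIENT_ID = "rp-client-id-placeholder";            // placeholder

// Build the options for navigator.credentials.get().
// mediation "optional" allows the browser to auto re-authenticate a returning
// user without a prompt (only possible if the RP/IdP pairing was approved in
// an earlier FedCM call); "required" always shows the account chooser.
function buildFedCmRequest({ allowAutoReauthn, nonce }) {
  return {
    identity: {
      providers: [{ configURL: IDP_CONFIG_URL, clientId: CLIENT_ID, nonce }],
    },
    mediation: allowAutoReauthn ? "optional" : "required",
  };
}

// Sign the user in. `credentials` is the browser's CredentialsContainer
// (navigator.credentials); it is passed in so the function can run offline.
// Returns the IdP-issued token, which the RP must still verify server-side.
async function signIn(credentials, { allowAutoReauthn, nonce }) {
  const cred = await credentials.get(buildFedCmRequest({ allowAutoReauthn, nonce }));
  if (!cred || cred.type !== "identity" || !cred.token) return null;
  return cred.token;
}

// Sign the user out of the RP. Dropping the RP session alone does not stop
// the browser from silently re-authenticating the user on the next visit
// (the concern raised in the minutes); preventSilentAccess() tells the
// browser to require user mediation the next time.
async function signOut(credentials, session) {
  session.token = null;
  await credentials.preventSilentAccess();
  return session;
}

// Minimal stand-in for navigator.credentials (assumed behaviour, for running
// this example offline). It records the last request and honours the
// "require user mediation" state set by preventSilentAccess().
function makeFakeCredentialsContainer() {
  const state = { silentAccessAllowed: true, lastRequest: null };
  return {
    state,
    async get(options) {
      state.lastRequest = options;
      // Auto re-authentication only with mediation "optional" and only while
      // silent access has not been revoked; otherwise the user is prompted.
      const auto = options.mediation === "optional" && state.silentAccessAllowed;
      return { type: "identity", token: auto ? "token-auto" : "token-after-prompt" };
    },
    async preventSilentAccess() {
      state.silentAccessAllowed = false;
    },
  };
}

// Walk through the flow: auto re-auth, sign out, then a prompted sign-in.
async function demo() {
  const credentials = makeFakeCredentialsContainer();
  const first = await signIn(credentials, { allowAutoReauthn: true, nonce: "n1" });
  const session = await signOut(credentials, { token: first });
  const second = await signIn(credentials, { allowAutoReauthn: true, nonce: "n2" });
  return { first, afterSignOut: session.token, second };
}
```

Run in a browser, `credentials` would be `navigator.credentials`; the point of the sketch is that an RP whose sign-out handler omits `preventSilentAccess()` gets the "user thinks they signed out but the next visit silently logs them back in" behaviour described by Peter, while one that calls it forces the account chooser on the next visit.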