Thanks for sending this intent! :) It seems like you didn't use the chromestatus.com template, so a few things are missing: * The title is non-standard and hence didn't get caught in our tooling * What's the timeline for which you want to deprecate the use of these URI schemes? When will they be removed? * A short explainer outlining what will be deprecated and removed and how developers should deal with that
On Mon, Mar 20, 2023 at 5:50 PM 'Adam Langley' via blink-dev < blink-dev@chromium.org> wrote: > *Primary eng emails* > > a...@chromium.org, rby...@chromium.org > > *Summary* > > Creating a dedicated secure browser API for mdoc selection to replace > mdoc-scheme URLs on Chrome and Android. > > *Motivation* > > Last month, we sent > <https://groups.google.com/a/chromium.org/g/blink-dev/c/O9A9fq-0IdI/m/sqdVA17iBQAJ> > an intent to prototype for a more secure browser API for mdoc > <https://www.iso.org/obp/ui/fr/#iso:std:69084:en> selection, which we > believe will more safely enable mobile driver’s licenses on the web across > multiple wallets. In addition to allowing sites to request real-world > identity information for opening a bank account, for example, this > dedicated API will also provide users with more transparency and control > into what personal information is then shared with the website requesting > it. > > As prototyping of the new API begins, we are considering blocking the URI > schemes mdoc and mdoc-openid4vp from being forwarded directly to the OS > (e.g. as Intents on Android). These schemes have been proposed as a way to > use Chromium's support for websites opening complementary apps, to instead > open and communicate directly with arbitrary wallet apps. We believe this > mechanism is more prone to security risks for consumers, such as phishing > attacks, by not providing enough information to the browser to be able to > explain the request to the user, and that it prevents the operating system > from mediating such requests. > > For similar reasons, Android is exploring a complementary, API-based > solution, instead of supporting the URL schemes mentioned above. > > Like all Chromium projects, the new API will be developed in the open and > we’ll be engaging with the developers, regulators, and industry groups for > feedback. > > We are collecting feedback and metrics on this deprecation plan and will > follow up with a bug and feature dashboard entry when pertinent. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLycoChNiZAMB33jVCe%3DUvdrFAYkQ%3DiKH%2BXqPK-bgS2VEA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLycoChNiZAMB33jVCe%3DUvdrFAYkQ%3DiKH%2BXqPK-bgS2VEA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUi5yZeJxE-Yr7HLym87Bm-8zXYY-tm23vymLWHLcPhbg%40mail.gmail.com.
