You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Presently any 3P website can query Chrome for tokens issued by a specific Issuer. This results in a couple of challenges:
An Issuer seeking to redeem its own tokens needs to compete with 3P websites to query for tokens before Chrome's per-site Issuer limit kicks in.
There is no way for an Issuer to prevent data leakage to arbitrary 3P websites about the fact that it issued tokens to a user.
There could be an extension that allows enumeration of permitted redeemers, with the default being any. Similar to first-party cookies, the browser could restrict token query and access to specified redeemers. Additionally, this could be a Related Website Set, which should provide more flexibility and simplicity in specifying redeemers.
The text was updated successfully, but these errors were encountered:
Presently any 3P website can query Chrome for tokens issued by a specific Issuer. This results in a couple of challenges:
There could be an extension that allows enumeration of permitted redeemers, with the default being any. Similar to first-party cookies, the browser could restrict token query and access to specified redeemers. Additionally, this could be a Related Website Set, which should provide more flexibility and simplicity in specifying redeemers.
The text was updated successfully, but these errors were encountered: