Decentralizing FedCM: A New Era for Federated Identity Management

The Challenge of FedCM

The Federated Credential Management API (FedCM) is a promising new standard from the W3C's FedID Working Group, designed to streamline federated identity management in web applications. By allowing browsers to mediate the authentication process, users can sign in without the cumbersome OAuth/OIDC redirects. However, as Emelia Smith points out in her recent blog post, FedCM's current architecture is ill-suited for the decentralized social web, where countless authorization servers exist, each potentially supporting different protocols.

In its current form, FedCM assumes a known set of authorization servers, limiting its applicability in a decentralized environment. Instead of simply asking the browser for credentials tied to a specific provider, users in the open social web need a more flexible solution. The proposal for Identity Provider Registration, currently in Stage 1 of development, aims to address this gap by allowing browsers to retrieve credentials based on the supported protocol rather than a specific provider.

Funding the Future

Recognizing the need for advocacy within the FedID Working Group, Smith applied for Invited Expert status, which would enable her to represent the decentralized web's interests. Her application was approved, paving the way for her to engage directly with browser implementers. However, funding was essential to sustain her efforts. Enter Bluesky Social PBC, which stepped up to provide a $39,000 grant over 12 months, allowing Smith to work independently while collaborating with various communities focused on IndieAuth, Solid, and the AT Protocol.

This grant is more than just financial support; it signifies a commitment to ensuring that the decentralized web's needs are front and center in the ongoing development of FedCM. Smith's extensive background in protocols like ActivityPub and Solid, combined with her experience in OAuth and OIDC, positions her as a valuable advocate for this cause.

A Collaborative Path Forward

As Smith embarks on this journey, the implications for practitioners in the decentralized web space are significant. The successful adaptation of FedCM could lead to a more cohesive user experience across diverse applications, enabling seamless authentication regardless of the underlying protocol. This would not only enhance usability but also empower developers to create more interconnected and user-friendly decentralized applications.

In a world where digital identity management is increasingly complex, the push to decentralize FedCM could be a game-changer. Will this initiative pave the way for a more inclusive and robust open social web? Only time will tell, but with dedicated advocates like Smith at the helm, the future looks promising.