Platform-issued trust tokens (addition to the Trust Token API)

Feature: Platform-issued trust tokens (addition to the Trust Token API)

The Trust Token API allows sites to encode coarse-grained notions of user trust (a couple bits worth) across site boundaries. This change will expand the API to allow issuing websites to request that browsers attempt to execute corresponding Trust Tokens operations against the platform environment the browser is operating in: for instance, via some kind of system API or IPC to a system service. More information about the API writ large: https://www.chromestatus.com/feature/5078049450098688

Motivation

Many websites and services that depend on fraud and spam detection presently rely on privacy-invasive techniques such as fingerprinting to identify devices. This proposal introduces a mechanism for the platform to provide a signal via the browser that may be consumed by anti-abuse mechanisms, thus providing a reliable indicator and removing the need for privacy-invasive methods.

Status in Chromium

Blink components: Internals>Network

Implementation status: In development

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Safari: No signal
Web Developers: No signals

Owner

davidvc@chromium.org

Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-12-10