Allow scoping of token query and redemption to specific redeemers

Question

Allow scoping of token query and redemption to specific redeemers

donivatamazondotcom opened this issue 4 months ago · 0 comments

donivatamazondotcom commented 4 months ago

Presently any 3P website can query Chrome for tokens issued by a specific Issuer. This results in a couple of challenges:

An Issuer seeking to redeem its own tokens needs to compete with 3P websites to query for tokens before Chrome's per-site Issuer limit kicks in.
There is no way for an Issuer to prevent data leakage to arbitrary 3P websites about the fact that it issued tokens to a user.

There could be an extension that allows enumeration of permitted redeemers, with the default being any. Similar to first-party cookies, the browser could restrict token query and access to specified redeemers. Additionally, this could be a Related Website Set, which should provide more flexibility and simplicity in specifying redeemers.