One thing that was a surprise to me when I looked into this was that these changes to promote privacy (which seem pretty good to me) will also affect federated identity on the web.
Things like single sign-on are done with the same tech (cookies, redirects) that are used by advertisers, and in some cases are indistinguishable. This is a common use case, though of course small fry compared to the privacy vs ad tracking folks.
Yep, we're seeing the same challenges with Solid [1], where users bring their own backend. That said, that just means there's a problem to solve here: we need to enable such use cases while combating undesirable tracking.
Things like single sign-on are done with the same tech (cookies, redirects) that are used by advertisers, and in some cases are indistinguishable. This is a common use case, though of course small fry compared to the privacy vs ad tracking folks.
If you'd like to learn more about this aspect, here's a video from one of the Auth0 folks: https://identiverse.gallery.video/detail/videos/architecture...
(The video is from 2020. He gave an update at the same conference in 2021, but they haven't posted those videos yet.)
There's also a Federated ID Community Group at the W3C on the same issue: https://www.w3.org/community/fed-id/