apple / password-manager-resources

A place for creators and users of password managers to collaborate on resources to make password management better.

Format change suggestion for quirks: add unrelated domains that may be assumed to be related

igor-makarov opened this issue · comments

TL;DR: Sometimes enterprise IT has software that isn't part of their SSO. This causes endless confusion both for users and password managers.

Real life example:
Tel Aviv University has the following websites sharing SSO credentials:

  • nidp.tau.ac.il
  • www.ims.tau.ac.il
  • several others

However, they also have a different subdomain for payroll, ihilanet.tau.ac.il, which is run by an outside contractor, a big company with their own identity management system.

Safari, and probably other password managers, assume that these websites are related based on domain suffix and suggest more than one password. It's displayed like so:
[Screenshot, 2022-02-18: Safari's password suggestions on ihilanet.tau.ac.il, listing credentials saved "from this website" alongside ones saved from other tau.ac.il subdomains]

The "from this website" gives me a hint that there's a distinction between an exact subdomain match and a password saved from another domain. But for this website, suggesting these other sites amounts to password reuse: this subdomain has a separate credential backend.

So in summary, my suggestion is to add a new rule type to the quirks, to allow specifying a subdomain to be definitively unrelated to another domain or subdomain.

I'm not sure as to how to properly represent a "non-equal" relation type, but here's an attempt at a syntax:

    {
        "from": [
            "*.tau.ac.il"
        ],
        "unrelatedTo": [
            "ihilanet.tau.ac.il"
        ]
    },

@rmondello what do you think?

P.S. I've noticed that Swift subdomains are also like this:

  • bugs.swift.org - Jira credentials
  • forums.swift.org - Discourse credentials + GitHub login
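As an added illustration of how a password manager could consume the `unrelatedTo` rule proposed above (this is not code from the original issue or from apple/password-manager-resources), here is a small JavaScript matcher that layers the proposed quirk on top of a plain domain-suffix relation. The baseline suffix rule, the hard-coded public-suffix table (a stand-in for the real Public Suffix List), the function names, the reading of `*.tau.ac.il` as "any host below tau.ac.il", and the second quirk entry for swift.org are all assumptions made for this example; the tau.ac.il entry is the one from the post.

```javascript
// Added example, not part of apple/password-manager-resources.
// Demonstrates evaluating the proposed "unrelatedTo" quirk when deciding
// whether a credential saved on one host may be suggested on another.

// Constructed quirk entries in the syntax proposed in the issue.
// The swift.org entry is an assumption based on the P.S. in the post.
const QUIRKS = [
  { from: ["*.tau.ac.il"], unrelatedTo: ["ihilanet.tau.ac.il"] },
  { from: ["*.swift.org"], unrelatedTo: ["bugs.swift.org"] },
];

// Constructed stand-in for the Public Suffix List (assumption: only these
// suffixes exist). Real code would use the full PSL.
const PUBLIC_SUFFIXES = new Set(["ac.il", "org", "com"]);

// "*.example.com" matches any host strictly below example.com (assumption:
// the bare registrable domain is not matched); a plain hostname matches exactly.
function matchesPattern(host, pattern) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1); // e.g. ".tau.ac.il"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return host === pattern;
}

// Registrable domain = one label above the public suffix, or null if the host
// is itself a public suffix (or shorter).
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return labels.join(".");
}

// Baseline relation, as the post describes Safari's behaviour: two hosts are
// related when they share a registrable domain.
function sameRegistrableDomain(a, b) {
  const ra = registrableDomain(a);
  return ra !== null && ra === registrableDomain(b);
}

// The proposed quirk: the pair is unrelated if one side matches "from" and the
// other matches "unrelatedTo". Checked in both directions so a credential saved
// on the payroll host is also kept away from the SSO hosts.
function declaredUnrelated(a, b, quirks) {
  return quirks.some((q) => {
    const from = (h) => q.from.some((p) => matchesPattern(h, p));
    const unrel = (h) => q.unrelatedTo.some((p) => matchesPattern(h, p));
    return (from(a) && unrel(b)) || (from(b) && unrel(a));
  });
}

// May a credential saved on savedHost be offered on currentHost?
function shouldSuggest(savedHost, currentHost, quirks = QUIRKS) {
  if (savedHost === currentHost) return true;           // exact host: always
  if (!sameRegistrableDomain(savedHost, currentHost)) return false;
  return !declaredUnrelated(savedHost, currentHost, quirks);
}

// Filter a list of saved-credential hosts down to those worth showing on
// currentHost, i.e. the contents of the dropdown in the post's screenshot.
function suggestionsFor(currentHost, savedHosts, quirks = QUIRKS) {
  return savedHosts.filter((h) => shouldSuggest(h, currentHost, quirks));
}

// Constructed sample keychain: hosts the user has saved passwords for.
const SAVED = ["nidp.tau.ac.il", "www.ims.tau.ac.il", "ihilanet.tau.ac.il"];

console.log("ihilanet.tau.ac.il ->", suggestionsFor("ihilanet.tau.ac.il", SAVED));
console.log("nidp.tau.ac.il     ->", suggestionsFor("nidp.tau.ac.il", SAVED));
```

With the quirk in place, the payroll host only gets its own credential, while the SSO hosts still share theirs with each other; without it (pass `[]` as `quirks`) the suffix rule alone would offer all three tau.ac.il credentials on every subdomain, which is the password-reuse problem the post describes.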