Adds cross-origin iframe support for the FedCM API via a permissions policy. It enables websites to sandbox the scripts from identity providers which trigger the FedCM API in a cross-origin iframe, so that they do not have full control over the whole page. This also allows use cases where it is the iframe itself which requires a sign-in from the user. In both cases, the parent frame must provide the iframe with the permissions policy 'identity-credentials-get'.
The FedCM API allows sites to enable federated login easily and without relying on third party cookies. But large sites do not want to allow a third-party script to gain control over the top-level frame, so they want to add that script and invoke FedCM from within an iframe. In addition, some iframes may require federated login themselves.
Samples: https://fedcm-main-frame.glitch.me
Explainers: https://docs.google.com/document/d/1eJ6DCkgMO2mIgt3G4LltCXsnSvVA0HLcF9Kq-b2MDbY/edit