Support showing iframe origins in the UI, when they are third-party #725

@cbiesinger

Description

We would like to revive the proposal at #449 (comment)

There are two ways to use iframes with FedCM:

  1. The iframe might be an "implementation detail" of the website, e.g. an rp-static.example domain to isolate RP cookies from an IDP-provided SDK
  2. The iframe might be a genuine third-party embedded into the top-level website to provide some kind of utility. For example, a book editing website might embed a photo editor, which might want you to log in to access previously saved files

In the first case, the expectation is that the iframe origin will not be shown because that origin is not meaningful to the user; it is conceptually first-party even if it is not same-site.

In the second case, the iframe site is important to the user to make an informed decision and to understand why they are asked to log in.

Because both cases are cross-site, the user agent needs additional information to decide which case the iframe falls into. The proposal I linked at the top solves this by letting the IDP tell the user agent (in the client metadata endpoint) whether the two origins are part of the same client.
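One way a user agent could apply the proposal described above, as an added example that is not part of the issue or of the FedCM spec: the `same_client_origins` field in the client metadata response is an assumption (the post names no field), the origins are constructed from the post's two cases, and the decision fails safe (shows the origin) whenever the IDP's answer is missing or malformed.

```javascript
// Added example, not FedCM spec or issue-author code. The client metadata
// field `same_client_origins` is HYPOTHETICAL: the proposal only says the IDP
// tells the user agent, via the client metadata endpoint, whether the
// top-level origin and the iframe origin belong to the same client.

// Parse a string strictly as an origin (scheme://host[:port], nothing else).
// Entries with a path, a wildcard, or a bare host are rejected (null) so that
// an IDP cannot loosely match more than one exact origin.
function parseOrigin(s) {
  let u;
  try { u = new URL(s); } catch { return null; }
  if (u.origin === "null" || u.origin !== s.replace(/\/$/, "")) return null;
  return u.origin;
}

// Decide whether the FedCM UI must show the iframe's origin to the user.
// Returns { show, reason }; `show: true` is the conservative default.
function decideIframeOriginDisplay(topLevelOrigin, iframeOrigin, clientMetadata) {
  const top = parseOrigin(topLevelOrigin);
  const frame = parseOrigin(iframeOrigin);
  if (top === null || frame === null) {
    return { show: true, reason: "unparseable origin; fail safe" };
  }
  // Same-origin embedding: nothing cross-site to explain to the user.
  if (top === frame) return { show: false, reason: "same-origin" };
  // Case 1: the IDP declares BOTH origins as part of the same client
  // (exact origin matches only). Anything else is treated as case 2.
  const list = clientMetadata && Array.isArray(clientMetadata.same_client_origins)
    ? clientMetadata.same_client_origins : [];
  const declared = new Set(list.map(parseOrigin).filter((o) => o !== null));
  if (declared.has(top) && declared.has(frame)) {
    return { show: false, reason: "IDP declared both origins as the same client" };
  }
  return { show: true, reason: "cross-origin iframe not declared same client" };
}

// Constructed sample metadata: the RP and its static-asset domain from the
// post's first case are declared as one client.
const SAMPLE_METADATA = {
  same_client_origins: ["https://rp.example", "https://rp-static.example"],
};

// Stand-alone run over the post's two cases (photo-editor.example is constructed).
for (const [top, frame] of [
  ["https://rp.example", "https://rp-static.example"],
  ["https://books.example", "https://photo-editor.example"],
]) {
  console.log(top, "->", frame, decideIframeOriginDisplay(top, frame, SAMPLE_METADATA));
}
```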
