On Thu, Nov 17, 2022 at 11:50 PM Rick Byers <[email protected]> wrote:
> Discussed in the API owners meeting yesterday. It sounds like work is > ongoing to fully resolve issue #5 > <https://github.com/WICG/anonymous-iframe/issues/5> including a good > discussion at WebAppSec WG yesterday (summary in the Mozilla standards > position issue <https://github.com/mozilla/standards-positions/issues/628>). > > issue #5 <https://github.com/WICG/anonymous-iframe/issues/5> has been implemented. Anonymous iframe is now renamed: iframe credentialless. The implementation is ready to ship for M110. After the webappsec meeting with Dan Veditz. I asked on this Mozilla standard position thread <https://github.com/mozilla/standards-positions/issues/628#issuecomment-1318940625> how we might reach agreement or what action to take instead. I don't believe we came to anything close to that. So far, I haven't had any luck getting additional responses. Arthur, let us know when you think decisions are captured sufficiently for > API owners to re-evaluate. > I'm not sure how to progress beyond that. So I think the API owner can now re-evaluate. Arthur @arthursonzogni On Thu, Nov 17, 2022 at 11:50 PM Rick Byers <[email protected]> wrote: > Discussed in the API owners meeting yesterday. It sounds like work is > ongoing to fully resolve issue #5 > <https://github.com/WICG/anonymous-iframe/issues/5> including a good > discussion at WebAppSec WG yesterday (summary in the Mozilla standards > position issue <https://github.com/mozilla/standards-positions/issues/628>). > Arthur, let us know when you think decisions are captured sufficiently for > API owners to re-evaluate. > > Thanks, > Rick > > On Mon, Nov 14, 2022 at 11:22 AM Zheng Wei <[email protected]> wrote: > >> Google Display Ads (GPT specifically) has tried the OT and is satisfied >> with the feature's behavior. Looking forward to it! >> >> On Thursday, November 10, 2022 at 10:06:35 AM UTC-5 Smaug wrote: >> >>> On 11/10/22 10:33, 'Arthur Sonzogni' via blink-dev wrote: >>> > Hi blink-dev, >>> > >>> > * >>> > * >>> > >>> > We decided to address issue #5 < >>> https://github.com/WICG/anonymous-iframe/issues/5>: “rename anonymous >>> iframe into iframe credentialless”. We will >>> > rename <iframe anonymous>to <iframe credentialless>. >>> > >>> > For this adjustment to take place, the new plan is to ship in M110 >>> instead of M109. We do not think the origin trial will need to be extended, >>> since >>> > partners have been or will be able to test up to M108. Therefore, >>> there will be a gap between the original trial and launch version. >>> > >>> > However, renaming from anonymous to credentialless will not answer >>> Mozilla's core argument. They believe that the feature would be best >>> controlled via >>> > multiple new sandbox flags. >>> >>> I don't think anyone from Mozilla has said that. What I have said is >>> that the current way to control how iframes work is getting very >>> complicated and >>> the new attribute adds yet another mechanism. And if most of the users >>> will use both sandbox and credentialless, understanding how those work >>> together >>> can be rather confusing. Also, credentialless isn't exposing the >>> primitives itself, but some unique set of features. I'd rather see >>> primitives to be >>> exposed and other features built on top of them. >>> >>> >>> -Olli >>> >>> >>> We think it is much less ergonomic and makes the feature harder to >>> explain to developers. The integration with sandbox >>> > flags has challenging open questions around edge cases, as listed in >>> this document >>> > < >>> https://github.com/WICG/anonymous-iframe/blob/main/mozilla-sandbox-proposal.md>. >>> >>> > >>> > * >>> > * >>> > >>> > Considering this, we think the current solution is a better one. We >>> have feedback from partners that it solves their needs. Considering that we >>> have >>> > no clear feedback Mozilla would be interested in implementing >>> anonymous iframes even if they were spelled as sandbox flags, we believe we >>> should ship >>> > with what we have implemented. >>> > >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] >>> > <mailto:[email protected]>. >>> > To view this discussion on the web visit >>> > >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GDYwk7ohTD4Eq2TW43hU%3DrHfXsx2V7%2BVK%3DHdKNd02-TA%40mail.gmail.com >>> > < >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GDYwk7ohTD4Eq2TW43hU%3DrHfXsx2V7%2BVK%3DHdKNd02-TA%40mail.gmail.com?utm_medium=email&utm_source=footer>. >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5HVNyeEkTqnxjhVN2FUvTonE7FehkKuhZPc5dqR83pfFA%40mail.gmail.com.
