On 7/4/23 5:35 AM, 'Sergii Bykov' via blink-dev wrote:
Contact emails
[email protected]
Explainer
https://github.com/Ananubis/WebApiDevice/blob/master/Explainer.md
I see that getAnnotatedAssetId(), getAnnotatedLocation(),
getDirectoryId(), and getSerialNumber() are all defined as uniquely
identifying a device. Forgive my ignorance, but can you expand on the
use cases for each of these unique IDs in the explainer (and why there
are so many of them)?
Specification
https://wicg.github.io/WebApiDevice/device_attributes
Summary
Device Attributes Web API is a subset of Managed Device Web API, that
provides web applications the capability to query device information
(device ID, serial number, location, etc).
Blink component
Blink <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>
TAG review
https://github.com/w3ctag/design-reviews/issues/606 There was no
indication of implementation support from browsers other than Chrome.
And reviewers were concerned by the risk of pervasive monitoring of
employees. Privacy concerns were addressed in 'Permission control' and
'privacy consideration' paragraphs of the spec. But TAG reviewers
didn't endorse adding this as a general mechanism to the Web platform.
TAG review status
Issues addressed
Risks
Interoperability and Compatibility
navigator.managed object includes managed configuration and this
device attributes API. These APIs only work in managed applications
and return an error in other contexts. Thus navigator.managed exposure
may be reduced in the future to managed environments only. This will
be done as a separate chrome feature and after an investigation with
usage counters.
Can you clarify what you intend to ship vs "exposure may be reduced in
the future"? Mozilla had a good suggestion
<https://github.com/mozilla/standards-positions/issues/815#issuecomment-1593801419>,
but it's not clear to me if it's being incorporated or not.
/Gecko/: Neutral
(https://github.com/mozilla/standards-positions/issues/815) Mozilla
decided not to take a position. Also suggested to limit the exposure
(see proposal in Interoperability and Compatibility).
/WebKit/: Neutral
(https://github.com/WebKit/standards-positions/issues/198) Mixed
signals from WebKit. Offering to leave it as an extension API or do
not expose it everywhere. Exposure addressed in Interoperability and
Compatibility
/Web developers/: Positive
(https://github.com/WICG/proposals/issues/14) Web developers request
this API as they migrate from deprecated ChromeApps to PWAs
/Other signals/:
Ergonomics
Frequently used with managed configuration. No performance risks.
Activation
No activation challenges for developers. API is straighforward to use.
ChromeOS Admins will need to set up the force-installed or kiosk app
and the allowlist policy correctly.
Security
Please see 'Permission control' and 'privacy consideration' paragraphs
in the API spec.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
This feature does not deprecate or change behavior of existing APIs.
Debuggability
Verified that all five new methods show up in the DevTools Console
autocomplete functionality.
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
No
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No
DevTrial instructions
https://github.com/WICG/WebApiDevice/blob/main/README.md
Flag name on chrome://flags
enable-restricted-web-apis
Finch feature name
Non-finch justification
None
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1132865
Launch bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1217848
Availability expectation
Feature is available only in ChromeOS (Ash and Lacros) browsers for
the foreseeable future.
Adoption expectation
Feature will be used by Web App developers for Kiosk and other managed
apps on ChromeOS as a part of migration from ChromeApps to PWAs within
12 months of launch in Chrome.
Adoption plan
A new setting in dpanel kiosk settings will allow admins of managed
chrome to configure 'trusted' apps access to API usage via existing
policy 'DeviceAttributesAllowedForOrigins'. This setting will be
enabled for trusted testers end of Q2 2023.
Non-OSS dependencies
Does the feature depend on any code or APIs outside the Chromium open
source repository and its open-source dependencies to function?
Yes. Policy for managed devices is used to control apps that can
access this API. For example, after the launch
navigator.managed.getAnnotatedAssetId will be defined for 'trusted'
origins (kiosk or force-installed web app), but it will return an
error if origin is not allowlisted in
'DeviceAttributesAllowedForOrigins' policy.
Sample links
https://github.com/WICG/WebApiDevice/blob/master/README.md
Estimated milestones
Shipping on desktop 117
OriginTrial desktop last 98
OriginTrial desktop first 93
OriginTrial Android last 98
Anticipated spec changes
Open questions about a feature may be a source of future web compat or
interop issues. Please list open issues (e.g. links to known github
issues in the project for the feature specification) whose resolution
may introduce web compat/interop risk (e.g., changing to naming or
structure of the API in a non-backward-compatible way).
Spec changes are not expected in the near future. Current spec is
consistent with a similar extension API.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5694001745231872
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/g/blink-dev/c/oYRwgx8SwTA/m/OTfKKCMZBQAJ Intent
to Experiment:
https://groups.google.com/a/chromium.org/g/blink-dev/c/dJQgwZ_1jk0/m/eo5aXO8eAgAJ
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
Sergii Bykov
Software Engineer
[email protected]+49 174 2575015
Google Germany GmbH
Erika-Mann-Straße 33
80636 München
Geschäftsführer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise
erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes
weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich
bitte wissen, dass die E-Mail an die falsche Person gesendet wurde.
This e-mail is confidential. If you received this communication by
mistake, please don't forward it to anyone else, please erase all
copies and attachments, and please let me know that it has gone to the
wrong person.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEBayjL7AyE-m7A90NxnKbsXUtqreD7GNH5qWSy4ydSpv3_4AQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEBayjL7AyE-m7A90NxnKbsXUtqreD7GNH5qWSy4ydSpv3_4AQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c6761cdc-aadb-ca8a-6dae-95a4f34f0043%40chromium.org.
