FYI, we're going to extend this OT another 2 milestones, to 129 inclusive. 
(Existing OT tokens will still work, they won't expire IIUC.)

On Tuesday, May 7, 2024 at 11:02:03 AM UTC-4 Mike Taylor wrote:

> LGTM to experiment from 126 to 127 inclusive.
> On 5/7/24 10:52 AM, Chris Fredrickson wrote:
>
> Contact emails
>
> joha...@chromium.org, cfre...@chromium.org, yi...@chromium.org
>
> Explainer
>
> https://github.com/explainers-by-googlers/storage-access-for-fedcm
>
> Specification
>
> None (TBD)
>
> Summary
>
> Reconciles the FedCM and Storage Access APIs by making a prior FedCM grant 
> a valid reason to automatically approve a storage access request.
>
> When a user grants permission for using their identity with a 3rd party 
> Identity Provider (IdP) on a Relying Party (RP), many IdPs require 
> third-party cookies to function correctly and securely. This proposal aims 
> to satisfy that requirement in a private and secure manner by updating the 
> Storage Access API (SAA) permission checks to not only accept the 
> permission grant that is given by a storage access prompt, but also the 
> permission grant that is given by a FedCM prompt.
>
> A key property of this mechanism is limiting the grant to cases explicitly 
> allowed by the RP via the FedCM permissions policy, enforcing a per-frame 
> control for the RP and preventing passive surveillance by the IdP beyond 
> the capabilities that FedCM already grants, as outlined in the Privacy 
> Considerations <https://github.com/explainers-by-googlers/storage-access-for-fedcm?tab=readme-ov-file#privacy-considerations>.
>
>
> Blink component
>
> Blink>StorageAccessAPI
>
> TAG review
>
> None
>
> TAG review status
>
> N/A
>
> Risks
>
>
> Interoperability and Compatibility
>
> None
>
>
>
> Gecko: No public signals, positive initial signals <https://docs.google.com/document/d/1jxqW4kvGdclIWsOlWMXWLGpwu1wOorST2Ol6vJKAjDE/edit#heading=h.y0ecc5cfr86n>. We will request a formal position.
>
> WebKit: No signal. We will request a formal position.
>
> Web developers: Positive <https://github.com/fedidcg/FedCM/issues/467>
>
> Other signals:
>
> WebView application risks
>
> Does this intent deprecate or change behavior of existing APIs, such that 
> it has potentially high risk for Android WebView-based applications?
>
> N/A, not shipping on Android WebView.
>
> Goals for experimentation
>
> Evaluate the implementation, and the usability of the feature to ensure it 
> adequately solves the problem.
>
> Ongoing technical constraints
>
> None
>
> Debuggability
>
> None
>
> Will this feature be supported on all six Blink platforms (Windows, Mac, 
> Linux, ChromeOS, Android, and Android WebView)?
>
> No. It will not be supported in Android WebView.
>
> Is this feature fully tested by web-platform-tests?
>
> No. The implementation is primarily in permissions code in //chrome, which 
> cannot be tested in WPTs since WPTs use a fake permission manager 
> <https://crsrc.org/c/content/web_test/browser/web_test_permission_manager.h;drc=33b441e83b1f70381158fcafb0ecde9168b79524;l=28> in Chromium.
>
> Flag name on chrome://flags
>
> #fedcm-with-storage-access-api
>
> Finch feature name
>
> FedCmWithStorageAccessAPI
>
> Non-finch justification
>
> None
>
> Requires code in //chrome?
>
> True
>
> Estimated milestones
>
> M126 through M127 (inclusive).
>
>
> Link to entry on the Chrome Platform Status
>
> https://chromestatus.com/feature/5116478702747648
>
> Links to previous Intent discussions
>
> Intent to prototype: 
> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4iogs7O60r0YcVnDB5aCvs9WUYjWFcuHqcFi5bXLRBOig%40mail.gmail.com
>
> This intent message was generated by Chrome Platform Status.
>

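The flow described in the Summary, as an added example that is not part of the thread or of Chromium's code: the RP opts one IdP iframe in through the FedCM permissions policy, and the IdP frame then calls the Storage Access API. The URL idp.example, the function names and the stub document are assumptions; the stub simply rejects where a real browser would fall back to its normal storage access prompt rules.

```javascript
// Added example; idp.example and all function names are hypothetical.
const FEDCM_POLICY = "identity-credentials-get"; // FedCM permissions-policy feature

// RP page: attributes for the single IdP iframe the RP chooses to opt in.
// Frames embedded without this `allow` value get no FedCM-based auto-approval.
function idpFrameAttributes(idpUrl) {
  return { src: new URL(idpUrl).href, allow: FEDCM_POLICY };
}

// IdP iframe: obtain third-party cookie access through the Storage Access API.
// `doc` is the frame's `document`, passed in so the logic also runs on a stub.
async function ensureStorageAccess(doc) {
  if (await doc.hasStorageAccess()) return "already-granted";
  try {
    await doc.requestStorageAccess();
    return "granted";
  } catch (err) {
    return "denied"; // carry on without cookies, e.g. render a sign-in button
  }
}

// Constructed stand-in for `document` that models the check in the Summary:
// a prior FedCM grant counts only in a frame the RP opted in.
function stubDocument({ fedcmGrant, frameOptedIn }) {
  let access = false;
  return {
    hasStorageAccess: async () => access,
    requestStorageAccess: async () => {
      if (!(fedcmGrant && frameOptedIn)) throw new Error("NotAllowedError");
      access = true;
    },
  };
}

// Runs the interesting cases against the stub and returns the outcomes in order.
async function demo() {
  const optedIn = stubDocument({ fedcmGrant: true, frameOptedIn: true });
  return [
    await ensureStorageAccess(optedIn), // FedCM grant + opted-in frame
    await ensureStorageAccess(optedIn), // second call: access already held
    await ensureStorageAccess(stubDocument({ fedcmGrant: true, frameOptedIn: false })),
    await ensureStorageAccess(stubDocument({ fedcmGrant: false, frameOptedIn: true })),
  ];
}
```

In a browser, pass the frame's own `document` to `ensureStorageAccess`; the "denied" branch is where an IdP that still needs cookies would show its own sign-in UI.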