> That makes sense, but maybe there's a way for us to combine this and the recent PNA intent <https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ> and be more bold there only in the case of a COEP: credentialless embedder?
That's an interesting idea! I think it's worth considering when PNA will have an implementation of preflight checks. For now, it doesn't and I would like to avoid tying two features together during a launch. Moreover, this would still not bring better than the status-co for now, because the SAB OT remains. However, this is a nice subset to experiment/launch PNA earlier. Maybe we can be more aggressive here. The subset might be COEP:credentialless, COEP:X, COI. This would require adding some metrics to understand exactly how many pages would be affected by PNA in every subset. I think we will add some metrics for M96 as well and make a decision based on that. Arthur @arthursonzogni Le ven. 10 sept. 2021 à 14:22, Yoav Weiss <yoavwe...@chromium.org> a écrit : > Thanks for working on this! This seems like a great addition to the > CrossOriginIsolation story, and will help developers make their users safer > in the face of non-cooperative third parties. > > On Fri, Sep 10, 2021 at 1:17 PM 'Arthur Sonzogni' via blink-dev < > blink-dev@chromium.org> wrote: > >> Contact emailsarthursonzo...@chromium.org, cl...@chromium.org, >> mk...@chromium.org >> >> Explainerhttps://github.com/WICG/credentiallessness >> >> Specificationhttps://wicg.github.io/credentiallessness/ >> >> Design docs >> https://github.com/WICG/credentiallessness >> >> https://docs.google.com/document/d/1U1pDzS_WJpfkq6QqOeqgmXmba_I4tIbUR-5C1AHzI9o/edit# >> >> Summary >> >> Introduce Cross-Origin-Embedder-Policy: credentialless. This causes >> cross-origin no-cors requests to omit credentials (cookies, client >> certificates, etc). Similarly to COEP:require-corp, it can enable >> cross-origin isolation. >> >> >> Blink componentBlink>SecurityFeature >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature> >> >> Search tagscoep <https://chromestatus.com/features#tags:coep>, >> credentialless <https://chromestatus.com/features#tags:credentialless>, >> coop <https://chromestatus.com/features#tags:coop>, crossoriginisolation >> <https://chromestatus.com/features#tags:crossoriginisolation>, >> crossOriginisolated >> <https://chromestatus.com/features#tags:crossOriginisolated> >> >> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/582 >> >> TAG review statusPending >> >> Link to origin trial feedback summary >> https://docs.google.com/document/d/1Rcho9z8obW0A7aeM3Zz1QR3fN7KcmTHgjdF_mKEXiRQ >> >> Risks >> >> >> Interoperability and Compatibility >> >> Compatibility risk: This is an opt-in new feature, so there are no >> compatibility risks. Interoperability risk: New feature. Risk is failing to >> become an interoperable part of the web platform. >> >> >> Gecko: Worth prototyping ( >> https://github.com/mozilla/standards-positions/issues/539#issuecomment-867473836 >> ) >> Worth prototyping, but concerns are about the timing in between shipping: >> COEP:credentialless, Private Network Access (PNA), ORB. See >> https://github.com/mozilla/standards-positions/issues/539#issuecomment-914418485 >> > > Anne's argument is that shipping this before shipping PNA > protections would put private resources at extra risk, because the > documents including them would be considered COI, and therefore would have > access to high precision timers. > > Our argument is that the reverse OT for SAB access without COI already > enables that in Chrome. > > That makes sense, but maybe there's a way for us to combine this and the > recent PNA intent > <https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ> > and > be more bold there only in the case of a COEP: credentialless embedder? > For example, avoid waiting 2 milestones/letting folks opt-out for 4 more > milestones if the embedder opted-in to credentialless? > > I'm not sure if it makes sense to block on this (or at all), but it could > be a middle ground that'd timebox those concerns. > > >> >> WebKit: No signal ( >> https://lists.webkit.org/pipermail/webkit-dev/2021-June/031898.html) >> No official replies yet. Safari is currently implementing COOP/COEP, but >> have no plan yet about COEP:credentialless variant: >> https://twitter.com/mikewest/status/1434878018191826948< >> >> Web developers: Positive ( >> https://github.com/WICG/proposals/issues/31#issuecomment-858822619) >> Google Earth, Twitter, Zoom, etc... are positive. >> >> Ergonomics >> >> Similarly to the existing COEP:require-corp, it will also be often used >> in tandem with Cross-Origin-Opener-Policy: same-origin (COOP) >> >> >> Activation >> >> This is an HTTP header. Developers need to be able to configure their >> server. This is hard for them when hosting their page on servers they don't >> really own, like https://github.io pages. >> > > Aside, but maybe our friends at Microsoft know people on the GH side that > can help fix that? This is a recurrent issue, and it'd be good to solve it > at some point. > /cc +Alex Russell <slightly...@chromium.org> +Eric Lawrence > <eric.lawre...@microsoft.com> > > >> >> >> Debuggability >> >> The same devtool features as for COEP:require-corp: 1. Display COEP >> policy: Devtool > Application > Frames > top > Security & Isolation > >> Cross-Origin Embedder Policy. 2. Devtool issues: >> https://source.chromium.org/search?q=file:devtools-frontend%2Fsrc%2Ffront_end%2Fmodels%2Fissues_manager%2Fdescriptions%2FCoep*&ss=chromium >> <https://source.chromium.org/search?q=file%3Adevtools-frontend%2Fsrc%2Ffront_end%2Fmodels%2Fissues_manager%2Fdescriptions%2FCoep%2A&ss=chromium> >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >> ?Yes >> >> Flag namechrome://flags/#cross-origin-embedder-policy-credentialless >> >> Requires code in //chrome?False >> >> Tracking bughttps://crbug.com/1175099 >> >> Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1218896 >> >> Measurement >> https://chromestatus.com/metrics/feature/timeline/popularity/3881 >> >> Sample links >> http://coep-credentialless.glitch.me/ >> >> Estimated milestones >> OriginTrial desktop last 95 >> OriginTrial desktop first 93 >> DevTrial on desktop 93 >> OriginTrial android last 95 >> OriginTrial android first 93 >> DevTrial on android 93 >> DevTrial on Webview 93 >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/4918234241302528 >> >> Links to previous Intent discussionsIntent to prototype: >> https://groups.google.com/a/chromium.org/g/blink-dev/c/DOtU6R4TuAY/m/kPbID-LAAQAJ >> Intent to Experiment: >> https://groups.google.com/a/chromium.org/g/blink-dev/c/Sdc0G1bvKr0/m/YHR8RuWyAAAJ >> >> >> This intent message was generated by Chrome Platform Status >> <https://www.chromestatus.com/>. >> Arthur @arthursonzogni >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GX5UpU_8V5faX0KzvWG9y5FT8BvCDJ5LUQ929LWM3%3DPA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GX5UpU_8V5faX0KzvWG9y5FT8BvCDJ5LUQ929LWM3%3DPA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5G%2Bmha107wHFJP0%3DKcXyaA5GHRbceeUb1LK93-3DrLvSA%40mail.gmail.com.