*LGTM1*

On Fri, Sep 10, 2021 at 3:28 PM Arthur Sonzogni <[email protected]> wrote:

>> That makes sense, but maybe there's a way for us to combine this and the
>> recent PNA intent
>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ>
>> and be more bold there only in the case of a COEP: credentialless embedder?
>
> That's an interesting idea! I think it's worth considering when PNA will
> have an implementation of preflight checks. For now, it doesn't and I would
> like to avoid tying two features together during a launch.
> Moreover, this would still not bring better than the status quo for now,
> because the SAB OT remains.
>
> However, this is a nice subset to experiment/launch PNA earlier. Maybe we
> can be more aggressive here. The subset might be COEP:credentialless,
> COEP:X, COI.
> This would require adding some metrics to understand exactly how many
> pages would be affected by PNA in every subset. I think we will add some
> metrics for M96 as well and make a decision based on that.

That sounds perfectly reasonable!

> Arthur @arthursonzogni
>
> On Fri, Sep 10, 2021 at 14:22, Yoav Weiss <[email protected]> wrote:
>
>> Thanks for working on this! This seems like a great addition to the
>> CrossOriginIsolation story, and will help developers make their users safer
>> in the face of non-cooperative third parties.
>>
>> On Fri, Sep 10, 2021 at 1:17 PM 'Arthur Sonzogni' via blink-dev
>> <[email protected]> wrote:
>>
>>> Contact: [email protected], [email protected], [email protected]
>>>
>>> Explainer: https://github.com/WICG/credentiallessness
>>>
>>> Specification: https://wicg.github.io/credentiallessness/
>>>
>>> Design docs:
>>> https://github.com/WICG/credentiallessness
>>> https://docs.google.com/document/d/1U1pDzS_WJpfkq6QqOeqgmXmba_I4tIbUR-5C1AHzI9o/edit#
>>>
>>> Summary
>>>
>>> Introduce Cross-Origin-Embedder-Policy: credentialless. This causes
>>> cross-origin no-cors requests to omit credentials (cookies, client
>>> certificates, etc). Similarly to COEP:require-corp, it can enable
>>> cross-origin isolation.
>>>
>>> Blink component: Blink>SecurityFeature
>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature>
>>>
>>> Search tags: coep <https://chromestatus.com/features#tags:coep>,
>>> credentialless <https://chromestatus.com/features#tags:credentialless>,
>>> coop <https://chromestatus.com/features#tags:coop>,
>>> crossoriginisolation <https://chromestatus.com/features#tags:crossoriginisolation>,
>>> crossOriginisolated <https://chromestatus.com/features#tags:crossOriginisolated>
>>>
>>> TAG review: https://github.com/w3ctag/design-reviews/issues/582
>>>
>>> TAG review status: Pending
>>>
>>> Link to origin trial feedback summary:
>>> https://docs.google.com/document/d/1Rcho9z8obW0A7aeM3Zz1QR3fN7KcmTHgjdF_mKEXiRQ
>>>
>>> Risks
>>>
>>> Interoperability and Compatibility
>>>
>>> Compatibility risk: This is an opt-in new feature, so there are no
>>> compatibility risks. Interoperability risk: New feature. Risk is failing to
>>> become an interoperable part of the web platform.
>>>
>>> Gecko: Worth prototyping
>>> (https://github.com/mozilla/standards-positions/issues/539#issuecomment-867473836)
>>> Worth prototyping, but concerns are about the timing in between
>>> shipping: COEP:credentialless, Private Network Access (PNA), ORB. See
>>> https://github.com/mozilla/standards-positions/issues/539#issuecomment-914418485
>>
>> Anne's argument is that shipping this before shipping PNA
>> protections would put private resources at extra risk, because the
>> documents including them would be considered COI, and therefore would have
>> access to high precision timers.
>>
>> Our argument is that the reverse OT for SAB access without COI already
>> enables that in Chrome.
>>
>> That makes sense, but maybe there's a way for us to combine this and the
>> recent PNA intent
>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ>
>> and be more bold there only in the case of a COEP: credentialless embedder?
>> For example, avoid waiting 2 milestones/letting folks opt-out for 4 more
>> milestones if the embedder opted-in to credentialless?
>>
>> I'm not sure if it makes sense to block on this (or at all), but it could
>> be a middle ground that'd timebox those concerns.
>>
>>> WebKit: No signal
>>> (https://lists.webkit.org/pipermail/webkit-dev/2021-June/031898.html)
>>> No official replies yet. Safari is currently implementing COOP/COEP, but
>>> has no plan yet about the COEP:credentialless variant:
>>> https://twitter.com/mikewest/status/1434878018191826948
>>>
>>> Web developers: Positive
>>> (https://github.com/WICG/proposals/issues/31#issuecomment-858822619)
>>> Google Earth, Twitter, Zoom, etc. are positive.
>>>
>>> Ergonomics
>>>
>>> Similarly to the existing COEP:require-corp, it will also be often used
>>> in tandem with Cross-Origin-Opener-Policy: same-origin (COOP).
>>>
>>> Activation
>>>
>>> This is an HTTP header. Developers need to be able to configure their
>>> server. This is hard for them when hosting their page on servers they don't
>>> really own, like https://github.io pages.
>>
>> Aside, but maybe our friends at Microsoft know people on the GH side that
>> can help fix that? This is a recurrent issue, and it'd be good to solve it
>> at some point.
>> /cc +Alex Russell <[email protected]> +Eric Lawrence <[email protected]>
>>
>>> Debuggability
>>>
>>> The same devtool features as for COEP:require-corp:
>>> 1. Display COEP policy: Devtool > Application > Frames > top > Security & Isolation > Cross-Origin Embedder Policy.
>>> 2. Devtool issues:
>>> https://source.chromium.org/search?q=file:devtools-frontend%2Fsrc%2Ffront_end%2Fmodels%2Fissues_manager%2Fdescriptions%2FCoep*&ss=chromium
>>>
>>> Is this feature fully tested by web-platform-tests
>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>? Yes
>>>
>>> Flag name: chrome://flags/#cross-origin-embedder-policy-credentialless
>>>
>>> Requires code in //chrome? False
>>>
>>> Tracking bug: https://crbug.com/1175099
>>>
>>> Launch bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1218896
>>>
>>> Measurement: https://chromestatus.com/metrics/feature/timeline/popularity/3881
>>>
>>> Sample links: http://coep-credentialless.glitch.me/
>>>
>>> Estimated milestones
>>> OriginTrial desktop last: 95
>>> OriginTrial desktop first: 93
>>> DevTrial on desktop: 93
>>> OriginTrial android last: 95
>>> OriginTrial android first: 93
>>> DevTrial on android: 93
>>> DevTrial on Webview: 93
>>>
>>> Link to entry on the Chrome Platform Status:
>>> https://chromestatus.com/feature/4918234241302528
>>>
>>> Links to previous Intent discussions:
>>> Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/DOtU6R4TuAY/m/kPbID-LAAQAJ
>>> Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/Sdc0G1bvKr0/m/YHR8RuWyAAAJ
>>>
>>> This intent message was generated by Chrome Platform Status <https://www.chromestatus.com/>.
>>> Arthur @arthursonzogni
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GX5UpU_8V5faX0KzvWG9y5FT8BvCDJ5LUQ929LWM3%3DPA%40mail.gmail.com.
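The COEP behaviour summarized in the intent above (cross-origin no-cors requests omit credentials under credentialless; COOP: same-origin plus either COEP value gives cross-origin isolation), as an added example written for this page and not code from the thread, Chromium or the spec. The request/response objects, the `sameSite` flag and the `corsOk` flag are constructed for the demo and stand in for the browser's own origin and CORS checks.

```javascript
// Added example (not from the blink-dev thread, Chromium, or the spec): a small
// model of how an embedding document's COEP value changes the handling of its
// cross-origin subresource loads, following the shape of the Fetch spec's
// Cross-Origin-Resource-Policy (CORP) internal check. Inputs are constructed.

// A document is cross-origin isolated only with COOP: same-origin and a
// COEP value that is either require-corp or credentialless.
function crossOriginIsolated(coop, coep) {
  return coop === "same-origin" &&
    (coep === "require-corp" || coep === "credentialless");
}

// Credentials mode of one subresource request issued under `coep`.
// Only cross-origin no-cors requests are affected by credentialless; other
// requests keep their own mode (markup-initiated loads default to "include").
function credentialsMode(coep, req) {
  if (coep === "credentialless" && !req.sameOrigin && req.mode === "no-cors") {
    return "omit";
  }
  return req.credentials || "include";
}

// CORP check for a response that is not CORS-tainted. A missing CORP header
// is treated as "same-origin" under require-corp, but under credentialless
// only when the request actually carried credentials: a credential-stripped
// cross-origin image is therefore allowed there and blocked under require-corp.
// Scheme matching for same-site is omitted for brevity (assumption).
function corpCheck(coep, req, resp) {
  let policy = ["same-origin", "same-site", "cross-origin"].includes(resp.corp)
    ? resp.corp : null;
  const withCredentials = credentialsMode(coep, req) === "include";
  if (policy === null) {
    if (coep === "require-corp") policy = "same-origin";
    else if (coep === "credentialless" && withCredentials) policy = "same-origin";
  }
  if (policy === null || policy === "cross-origin") return "allowed";
  if (policy === "same-origin") return req.sameOrigin ? "allowed" : "blocked";
  return req.sameSite ? "allowed" : "blocked"; // same-site
}

// Verdict for one load: CORS-mode requests are gated by the CORS check, not
// by CORP, so only no-cors loads go through corpCheck.
function evaluateLoad(coep, req, resp) {
  const credentials = credentialsMode(coep, req);
  const result = req.mode === "cors"
    ? (resp.corsOk ? "allowed" : "blocked")
    : corpCheck(coep, req, resp);
  return { credentials, result };
}
```

The contrast that matters for the thread is the cross-origin no-cors load with no CORP header: require-corp blocks it, credentialless lets it through but without cookies or client certificates.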
