Actually, we could disable cross-origin usage and measure attempted usage at the same time (in M96 with merge, in time for v2.0 OT start). Sounds like this would be preferred by Blink Owners? I'll check with others on the team.
On Fri, 15 Oct 2021 at 10:02, Glen Robertson <glen...@chromium.org> wrote: > Probably not before the OT starts, but yes before the OT finishes. I am > adding a metric to see if there's any attempted usage of the API in this > way currently, so we will need to get that out, then wait a milestone to > see the result. That approach was OK'd by privacy review. > Also note that this isn't a change from the v1 API. > > On Thu, 14 Oct 2021 at 19:40, Yoav Weiss <yoavwe...@chromium.org> wrote: > >> Is it possible to disallow delegation for the OT as well? >> >> On Tue, Oct 12, 2021 at 6:46 AM Glen Robertson <glen...@chromium.org> >> wrote: >> >>> Yes, we are planning to disallow delegation before shipping. This was >>> discussed in the privacy review on the launch bug >>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1250123>. >>> >>> On Tue, 12 Oct 2021 at 14:13, 'Matt Menke' via blink-dev < >>> blink-dev@chromium.org> wrote: >>> >>>> All intent emails - including experiment, are reviewed for potential >>>> privacy and security issues. If this is keyed on frame origin, delegating >>>> to cross-origin iframes is a cross-site tracking vector. If cross-origin >>>> iframes have access to it, but keyed on top frame origin rather than iframe >>>> origin, it's not a privacy issue (though haven't thought about security >>>> considerations). Disallowing delegation, or otherwise addressing the >>>> cross-site tracking issue would be needed to launch, so it's good to be >>>> aware of it now, rather than only learning that this is an issue when >>>> trying to ship. >>>> >>>> On Mon, Oct 11, 2021 at 11:03 PM Glen Robertson <glen...@chromium.org> >>>> wrote: >>>> >>>>> In Chrome, the feature is controlled by the "payment" feature policy, >>>>> and is therefore unavailable except in top-level context or when >>>>> explicitly >>>>> delegated to subframes (we are planning to disallow delegation >>>>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1257010> too). >>>>> Digital products managed by the API are specific to an origin. >>>>> IIUC we don't usually specify how user agents should do security >>>>> controls but I've added these as suggestions in the explainer >>>>> <https://github.com/WICG/digital-goods/blob/main/explainer.md#security-and-privacy-considerations> >>>>> . >>>>> >>>>> On Sat, 9 Oct 2021 at 02:40, Matt Menke <mme...@google.com> wrote: >>>>> >>>>>> Skimming over the explainer, I can't determine whether this leaks >>>>>> data cross-site or not. Are these digital products that the API manages >>>>>> exposed across sites, restricted to same-origin frame, restricted to >>>>>> same-origin 1P contexts, or what? >>>>>> >>>>>> On Friday, October 8, 2021 at 3:37:18 AM UTC-4 Glen Robertson wrote: >>>>>> >>>>>>> >>>>>>> Contact emails >>>>>>> >>>>>>> >>>>>>> *mgi...@chromium.org, gle...@chromium.org, rou...@chromium.org* >>>>>>> Explainer >>>>>>> >>>>>>> >>>>>>> *https://github.com/WICG/digital-goods/blob/master/explainer.md >>>>>>> <https://github.com/WICG/digital-goods/blob/master/explainer.md>* >>>>>>> Specification >>>>>>> >>>>>>> >>>>>>> *None yet. Have a spec mentor and aiming to do this by M96 >>>>>>> stable.*Design >>>>>>> docs >>>>>>> >>>>>>> >>>>>>> *https://github.com/WICG/digital-goods/blob/master/explainer.md >>>>>>> <https://github.com/WICG/digital-goods/blob/master/explainer.md>https://docs.google.com/document/d/1Jbt2Mzt-xg1cWVlFScBQsoX_pE8Kg1gYpulxUSV8FM0/edit >>>>>>> <https://docs.google.com/document/d/1Jbt2Mzt-xg1cWVlFScBQsoX_pE8Kg1gYpulxUSV8FM0/edit>go/dgapi2 >>>>>>> <https://goto.google.com/dgapi2> (internal)*Summary >>>>>>> >>>>>>> >>>>>>> >>>>>>> *An API for querying and managing digital products to facilitate >>>>>>> in-app purchases from web applications, in conjunction with the Payment >>>>>>> Request API (which is used to make the actual purchases). The API would >>>>>>> be >>>>>>> linked to a digital distribution service connected to via the user >>>>>>> agent. >>>>>>> In Chrome, this is specifically a web API wrapper around the Android >>>>>>> Play >>>>>>> Billing API.*Blink component >>>>>>> >>>>>>> >>>>>>> *Blink>Payments >>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments>*Search >>>>>>> tags >>>>>>> >>>>>>> >>>>>>> *payments <https://chromestatus.com/features#tags:payments>, billing >>>>>>> <https://chromestatus.com/features#tags:billing>*TAG review >>>>>>> >>>>>>> >>>>>>> *https://github.com/w3ctag/design-reviews/issues/571 >>>>>>> <https://github.com/w3ctag/design-reviews/issues/571>TAG recommends >>>>>>> making >>>>>>> a Chrome-specific API. Other issues addressed.*TAG review status >>>>>>> >>>>>>> >>>>>>> *Issues addressed*Risks >>>>>>> >>>>>>> Interoperability and Compatibility >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Similar to Payment Request: this API is used to talk to specific >>>>>>> store backends, and so its usage is tailored to the specific store. The >>>>>>> reason it's a proposed web standard is so that the same code (which is >>>>>>> specific to one store) is portable across browsers.Gecko: No signal >>>>>>> (https://github.com/mozilla/standards-positions/issues/349 >>>>>>> <https://github.com/mozilla/standards-positions/issues/349>)WebKit: No >>>>>>> signal >>>>>>> (https://lists.webkit.org/pipermail/webkit-dev/2021-October/032001.html >>>>>>> <https://lists.webkit.org/pipermail/webkit-dev/2021-October/032001.html>) >>>>>>> Microsoft: >>>>>>> Initial discussions, no public signal yet (has been requested).Samsung: >>>>>>> Initial discussions, no public signal yet (has been requested).Web >>>>>>> developers: Positive >>>>>>> (https://discourse.wicg.io/t/proposal-web-payments-digital-product-management-api/4350 >>>>>>> <https://discourse.wicg.io/t/proposal-web-payments-digital-product-management-api/4350>)44/61 >>>>>>> responses of "extremely likely" to continue to use the feature from v1.0 >>>>>>> OT36/61 responses of slightly-to-extremely easy to use the feature (and >>>>>>> 12 >>>>>>> neutral) from v1.0 OT*Ergonomics >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Used in tandem with the Payment Request API.*Goals for >>>>>>> experimentation >>>>>>> >>>>>>> >>>>>>> >>>>>>> *- General API design. Determine whether developers need to access >>>>>>> more data that would be exposed through the Play Billing API but is not >>>>>>> exposed through our web API.- Specifically, we have significantly >>>>>>> reduced >>>>>>> the API surface for v2.0, and would like to know if it is still >>>>>>> acceptable >>>>>>> for developers.- We would also like to know whether the API is suitable >>>>>>> for >>>>>>> abstracting over other non-Play stores. While running an experiment with >>>>>>> the current implementation won't tell us this, it will set up real-world >>>>>>> clients and we can then try their sites on other implementations.*Reason >>>>>>> this experiment is being extended >>>>>>> >>>>>>> >>>>>>> >>>>>>> *An origin trial ran from M88 to M95 and found some areas of >>>>>>> developer friction and new features needed (see bugs labeled >>>>>>> https://bugs.chromium.org/p/chromium/issues/list?q=label%3ADGAPI >>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=label%3ADGAPI>). We >>>>>>> also found potential fraud issues in the v1.0 API.The v2.0 API fixes >>>>>>> several of the developer issues raised, and fixes the known fraud >>>>>>> issues. >>>>>>> However, this is a significant change to the API surface. We would like >>>>>>> to >>>>>>> know if the updated API is still acceptable for developers.*Ongoing >>>>>>> technical constraints >>>>>>> >>>>>>> >>>>>>> *None*Debuggability >>>>>>> >>>>>>> >>>>>>> *We have had several requests from developers to make the API easier >>>>>>> to debug, but it is difficult due to the interaction with a backing >>>>>>> service >>>>>>> based in an app/store context. We are looking for suggestions >>>>>>> <https://github.com/WICG/digital-goods/issues/33> on how we might >>>>>>> improve >>>>>>> the debuggability of the API.*Will this feature be supported on all >>>>>>> six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and >>>>>>> Android >>>>>>> WebView)? >>>>>>> >>>>>>> >>>>>>> >>>>>>> *NoNo, Android and Chrome OS only (the two platforms where we have >>>>>>> Play Store integration).*Is this feature fully tested by >>>>>>> web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>>>>>> ? >>>>>>> >>>>>>> >>>>>>> *No. The JS<->mojo interface (Blink code) is tested >>>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/digital-goods/> >>>>>>> but the backing app/store context is unavailable in WPT.*Flag name >>>>>>> >>>>>>> >>>>>>> *DigitalGoods*Requires code in //chrome? >>>>>>> >>>>>>> >>>>>>> *False*Tracking bug >>>>>>> >>>>>>> >>>>>>> *https://crbug.com/1248319 <https://crbug.com/1248319>*Launch bug >>>>>>> >>>>>>> >>>>>>> *https://crbug.com/1250123 <https://crbug.com/1250123>*Estimated >>>>>>> milestones >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> *OriginTrial desktop last99OriginTrial desktop first96OriginTrial >>>>>>> android last99OriginTrial android first96*Link to entry on the >>>>>>> Chrome Platform Status >>>>>>> >>>>>>> >>>>>>> *https://chromestatus.com/feature/5339955595313152 >>>>>>> <https://chromestatus.com/feature/5339955595313152>*Links to >>>>>>> previous Intent discussions >>>>>>> >>>>>>> Intent to prototype: >>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/vkS3k30lWNs >>>>>>> >>>>>>> Intent to Experiment (DGAPI v1.0): >>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/syI9_M9dANY/m/3lt-QGMHAgAJ >>>>>>> >>>>>>> Intent to Continue Experimenting (DGAPI v1.0): >>>>>>> >>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/uoTx_cRuL5o >>>>>>> >>>>>>> >>>>>>> This intent message was generated by Chrome Platform Status >>>>>>> <https://www.chromestatus.com/>. >>>>>>> >>>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEK7mvpq1krCWQfTc_hi1mRSW9rwznRScDWa4dyUQPGPYt2jtQ%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEK7mvpq1krCWQfTc_hi1mRSW9rwznRScDWa4dyUQPGPYt2jtQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPV%2BSg_%3D%3DywYCB%2B6ZsaXAndHpX9c_c_mBtU47KBEmX6Qm1J6vA%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPV%2BSg_%3D%3DywYCB%2B6ZsaXAndHpX9c_c_mBtU47KBEmX6Qm1J6vA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPV%2BSg-PTFujPC4QyVfq%2Bz%3DLkXUp_MBd1fHhS1akQcN68ZCvYw%40mail.gmail.com.
