Hi!
Could you please request the various approval bits for the review gates
in your chromestatus entry?
On 1/26/24 11:07 AM, 'Yifan Luo' via blink-dev wrote:
Contact emails
l...@chromium.org, cl...@chromium.org
Explainer
https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md
Specification
https://wicg.github.io/private-network-access
Design docs
https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edit
https://github.com/WICG/private-network-access/blob/main/permission_prompt/security_privacy_self_review.md
Summary
In order to establish connections to devices on a local network that
do not have globally unique names, and therefore cannot obtain TLS
certificates, this feature introduces a new option to `fetch()` to
declare a developers' intent to talk to such a device, a new
policy-controlled feature to gate each sites' access to this
capability, and new headers for the server's preflight response to
provide additional metadata.
Blink component
Blink>SecurityFeature>CORS>PrivateNetworkAccess
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess>
TAG review
https://github.com/w3ctag/design-reviews/issues/751
TAG review status
Issues addressed
Chromium Trial Name
PrivateNetworkAccessPermissionPrompt
Origin Trial documentation link
https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md
WebFeature UseCounter name
kPrivateNetworkAccessPermissionPrompt
Risks
Interoperability and Compatibility
/Gecko/: No signal
/WebKit/: No signal
/Web developers/: Positive
(https://github.com/WICG/private-network-access/issues/23)
/Other signals/:
Ergonomics
This new feature requires users to click on the new permission. This
may lead users to spamming on some websites. However, this is an
intentional move to encourage the websites to provide security
context. The origin trial also aimed to measure the frequency of users
getting the permissions.
Activation
No. This feature attempt to bring developers an easier way to restrict
Private Network Access with secure context.
Security
This is a security positive feature.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
None
Debuggability
Relevant information (client and resource IP address space) is already
piped into the DevTools network panel. We’ll likely also represent the
permission state in the settings pages.
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
No
Mac, Windows, Linux, Chrome OS, Fuchsia, Android, WebLayer. Not
Android WebView because of the absence of deprecation trial
integration (though that may be changing soon, see
https://crbug.com/1308425). Not iOS because this requires changes in
Blink and the network service, neither of which are used on iOS.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No
https://wpt.fyi/results/fetch/private-network-access/mixed-content-fetch.tentative.https.window.html?label=master&label=experimental&aligned&q=private-network-access
<https://wpt.fyi/results/fetch/private-network-access/mixed-content-fetch.tentative.https.window.html?label=master&label=experimental&aligned&q=private-network-access>
Flag name on chrome://flags
Finch feature name
None
Non-finch justification
None
Requires code in //chrome?
True
Tracking bug
https://crbug.com/1338439
Sample links
https://drive.google.com/file/d/1pnyQfIsXdtJnZoCBVSt4xim0yXjZ0Aqc/view?usp=sharing
Estimated milestones
Shipping on desktop 123
OriginTrial desktop last 122
OriginTrial desktop first 120
DevTrial on desktop 120
Anticipated spec changes
Open questions about a feature may be a source of future web compat or
interop issues. Please list open issues (e.g. links to known github
issues in the project for the feature specification) whose resolution
may introduce web compat/interop risk (e.g., changing to naming or
structure of the API in a non-backward-compatible way).
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5954091755241472
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/g/blink-dev/c/6MczoSFGiHo/m/IigYuhu7AwAJ Intent
to Experiment:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_ZS1ibT9H7e5UmoUF2OfCUq5ocsDHaCoJ2rShmPmAejQ%40mail.gmail.com
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
Yifan
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU9p9dAurzeZfAEmFhBRmwz42_tJpnCVf_nmHox5zwzY0A%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU9p9dAurzeZfAEmFhBRmwz42_tJpnCVf_nmHox5zwzY0A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a2722e98-baed-43ca-ad9e-b7aeab4bcd66%40chromium.org.
