OT findings: https://docs.google.com/spreadsheets/d/15b2kCikEqw6P0xZFXQKMiKk_WnqnIZpT5p8nmLgc93Y/edit?usp=sharing There are 7 OT users and most of them (6/7) mentioned they will keep using this new feature.
We aimed to use this feature to make it possible for developers to drop the non-secure context deprecation trial, <https://developer.chrome.com/origintrials/#/view_trial/4081387162304512001> which currently got 1000+ registrations: https://docs.google.com/spreadsheets/d/1yTjZs3yvTFwn0SupdBmzZiOQ_A3Auvg_Qrp3DwOKBNw/edit?pli=1#gid=369270489 RFPs: This feature is a sub-feature of Private Network Access <https://github.com/WICG/private-network-access>: filled in the previous RFP of PNA. Flag: Sorry for the missing, there's a finch flag " PrivateNetworkAccessPermissionPrompt" On Tuesday, February 13, 2024 at 5:02:38 PM UTC+1 Yifan Luo wrote: > Contact emailsl...@chromium.org, cl...@chromium.org, tit...@chromium.org > > Explainer > https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md > > Specificationhttps://wicg.github.io/private-network-access > > Design docs > > https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edit > > https://github.com/WICG/private-network-access/blob/main/permission_prompt/security_privacy_self_review.md > > Summary > > In order to establish connections to devices on a local network that do > not have globally unique names, and therefore cannot obtain TLS > certificates, this feature introduces a new option to `fetch()` to declare > a developers' intent to talk to such a device, a new policy-controlled > feature to gate each sites' access to this capability, and new headers for > the server's preflight response to provide additional metadata. > > > Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> > > TAG reviewhttps://github.com/w3ctag/design-reviews/issues/751 > > TAG review statusIssues addressed > > Chromium Trial NamePrivateNetworkAccessPermissionPrompt > > Origin Trial documentation link > https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md > > WebFeature UseCounter namekPrivateNetworkAccessPermissionPrompt > > Risks > > > Interoperability and Compatibility > > > > *Gecko*: Positive ( > https://github.com/mozilla/standards-positions/issues/143) Worth > prototyping. > > *WebKit*: Positive ( > https://github.com/WebKit/standards-positions/issues/163) > > > *Web developers*: Positive ( > https://github.com/WICG/private-network-access/issues/23) > > *Other signals*: > > Ergonomics > > This new feature requires users to click on the new permission. This may > lead users to spamming on some websites. However, this is an intentional > move to encourage the websites to provide security context. The origin > trial also aimed to measure the frequency of users getting the permissions. > > > Activation > > No. This feature attempt to bring developers an easier way to restrict > Private Network Access with secure context. > > > Security > > This is a security positive feature. > > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > None > > > Debuggability > > Relevant information (client and resource IP address space) is already > piped into the DevTools network panel. We’ll likely also represent the > permission state in the settings pages. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)?No > > Mac, Windows, Linux, Chrome OS, Fuchsia, Android, WebLayer. Not Android > WebView because of the absence of deprecation trial integration (though > that may be changing soon, see https://crbug.com/1308425). Not iOS > because this requires changes in Blink and the network service, neither of > which are used on iOS. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ?No > > > https://wpt.fyi/results/fetch/private-network-access/mixed-content-fetch.tentative.https.window.html?label=master&label=experimental&aligned&q=private-network-access > > > Flag name on chrome://flags#private-network-access-permission-prompt > > Finch feature namePrivateNetworkAccessPermissionPrompt > > Requires code in //chrome?True > > Tracking bughttps://crbug.com/1338439 > > Sample links > > https://drive.google.com/file/d/1pnyQfIsXdtJnZoCBVSt4xim0yXjZ0Aqc/view?usp=sharing > > Estimated milestones > Shipping on desktop > 123 > OriginTrial desktop last > 122 > OriginTrial desktop first > 120 > DevTrial on desktop > 120 > > Anticipated spec changes > > Open questions about a feature may be a source of future web compat or > interop issues. Please list open issues (e.g. links to known github issues > in the project for the feature specification) whose resolution may > introduce web compat/interop risk (e.g., changing to naming or structure of > the API in a non-backward-compatible way). > None > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5954091755241472 > > Links to previous Intent discussionsIntent to prototype: > https://groups.google.com/a/chromium.org/g/blink-dev/c/6MczoSFGiHo/m/IigYuhu7AwAJ > Intent > to Experiment: > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_ZS1ibT9H7e5UmoUF2OfCUq5ocsDHaCoJ2rShmPmAejQ%40mail.gmail.com > > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > On Friday, January 26, 2024 at 6:34:49 PM UTC+1 Vladimir Levin wrote: > >> On Fri, Jan 26, 2024 at 5:07 AM 'Yifan Luo' via blink-dev < >> blin...@chromium.org> wrote: >> >>> Contact emailsl...@chromium.org, cl...@chromium.org >>> >>> Explainer >>> https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md >>> >>> Specificationhttps://wicg.github.io/private-network-access >>> >>> Design docs >>> >>> https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edit >>> >>> https://github.com/WICG/private-network-access/blob/main/permission_prompt/security_privacy_self_review.md >>> >>> Summary >>> >>> In order to establish connections to devices on a local network that do >>> not have globally unique names, and therefore cannot obtain TLS >>> certificates, this feature introduces a new option to `fetch()` to declare >>> a developers' intent to talk to such a device, a new policy-controlled >>> feature to gate each sites' access to this capability, and new headers for >>> the server's preflight response to provide additional metadata. >>> >>> >>> Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> >>> >>> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/751 >>> >>> TAG review statusIssues addressed >>> >>> Chromium Trial NamePrivateNetworkAccessPermissionPrompt >>> >>> Origin Trial documentation link >>> https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md >>> >>> WebFeature UseCounter namekPrivateNetworkAccessPermissionPrompt >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> >>> >>> *Gecko*: No signal >>> >>> *WebKit*: No signal >>> >> >> Could you file RFPs for this? >> >> >>> >>> *Web developers*: Positive ( >>> https://github.com/WICG/private-network-access/issues/23) >>> >>> *Other signals*: >>> >>> Ergonomics >>> >>> This new feature requires users to click on the new permission. This may >>> lead users to spamming on some websites. However, this is an intentional >>> move to encourage the websites to provide security context. The origin >>> trial also aimed to measure the frequency of users getting the permissions. >>> >> >> Apologies if I missed this, but is there a document somewhere summarizing >> the OT findings? >> >> >>> >>> >>> Activation >>> >>> No. This feature attempt to bring developers an easier way to restrict >>> Private Network Access with secure context. >>> >>> >>> Security >>> >>> This is a security positive feature. >>> >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> >>> Debuggability >>> >>> Relevant information (client and resource IP address space) is already >>> piped into the DevTools network panel. We’ll likely also represent the >>> permission state in the settings pages. >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)?No >>> >>> Mac, Windows, Linux, Chrome OS, Fuchsia, Android, WebLayer. Not Android >>> WebView because of the absence of deprecation trial integration (though >>> that may be changing soon, see https://crbug.com/1308425). Not iOS >>> because this requires changes in Blink and the network service, neither of >>> which are used on iOS. >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ?No >>> >>> >>> https://wpt.fyi/results/fetch/private-network-access/mixed-content-fetch.tentative.https.window.html?label=master&label=experimental&aligned&q=private-network-access >>> >>> >> >>> >>> Flag name on chrome://flags >>> >>> Finch feature nameNone >>> >>> Non-finch justificationNone >>> >> >> Does this mean the feature is not flag guarded, or is this just an >> omission in chromestatus? >> >>> >>> >> >>> >>> Requires code in //chrome?True >>> >>> Tracking bughttps://crbug.com/1338439 >>> >>> Sample links >>> >>> https://drive.google.com/file/d/1pnyQfIsXdtJnZoCBVSt4xim0yXjZ0Aqc/view?usp=sharing >>> >>> Estimated milestones >>> Shipping on desktop 123 >>> OriginTrial desktop last 122 >>> OriginTrial desktop first 120 >>> DevTrial on desktop 120 >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> None >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/5954091755241472 >>> >>> Links to previous Intent discussionsIntent to prototype: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/6MczoSFGiHo/m/IigYuhu7AwAJ >>> Intent >>> to Experiment: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_ZS1ibT9H7e5UmoUF2OfCUq5ocsDHaCoJ2rShmPmAejQ%40mail.gmail.com >>> >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >>> -- >>> Yifan >>> >>> -- >>> >> You received this message because you are subscribed to the Google Groups >>> "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU9p9dAurzeZfAEmFhBRmwz42_tJpnCVf_nmHox5zwzY0A%40mail.gmail.com >>> >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU9p9dAurzeZfAEmFhBRmwz42_tJpnCVf_nmHox5zwzY0A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/de68b1f3-6ee6-4d3d-985e-d0ed8ac1dd87n%40chromium.org.