Hi Chris, Sounds like good progress, thanks. Could you also tell us the reasons you need to continue experimenting?
On Wed, Sep 11, 2024 at 6:43 AM Chris Fredrickson <cfred...@chromium.org> wrote: > Hello again - we'd like to request another OT extension, through M130 > inclusive. As a demonstration of progress, we have: > > - Opened a spec PR > <https://github.com/privacycg/storage-access/pull/206> > - Requested formal position signals from Firefox > <https://github.com/mozilla/standards-positions/issues/1065> and WebKit > <https://github.com/WebKit/standards-positions/issues/390> > - Written WPTs <https://github.com/web-platform-tests/wpt/pull/47728> > - Requested TAG review > <https://github.com/w3ctag/design-reviews/issues/992> > > > On Wednesday, July 24, 2024 at 2:39:32 PM UTC-4 Mike Taylor wrote: > >> On 7/24/24 8:06 PM, Chris Fredrickson wrote: >> >> My apologies, I misunderstood the process here. I hereby formally request >> an extension for this OT, through M129 :) >> >> Thanks, I formally LGTM the request to M129 inclusive. :) >> >> Re: the OT dashboard, I've already requested an OT extension through the >> chromestatus entry; I believe the OT dashboard will be updated to reflect >> that once the OT team approves that request. >> >> Great - I think the OT team typically chases down LGTMs - so you should >> be set now. >> >> >> Chris >> >> On Wednesday, July 24, 2024 at 1:52:53 PM UTC-4 Mike Taylor wrote: >> >>> Hey Chris, >>> >>> Per the process, you'll need to formally request an extension, rather >>> than treat this as an FYI. >>> >>> (Also, I just double checked and >>> https://developer.chrome.com/origintrials/#/register_trial/4008766618313162753 >>> is only available until M127. Note there's a 2 month "grace period" where >>> it will continue to work for users on 126 or 127 that haven't upgraded to >>> M128 or higher - but it should not work in 128 or 129.) >>> >>> thanks, >>> Mike >>> On 7/24/24 4:03 PM, Chris Fredrickson wrote: >>> >>> FYI, we're going to extend this OT another 2 milestones, to 129 >>> inclusive. (Existing OT tokens will still work, they won't expire IIUC.) >>> >>> On Tuesday, May 7, 2024 at 11:02:03 AM UTC-4 Mike Taylor wrote: >>> >>>> LGTM to experiment from 126 to 127 inclusive. >>>> On 5/7/24 10:52 AM, Chris Fredrickson wrote: >>>> >>>> Contact emails >>>> >>>> joha...@chromium.org, cfre...@chromium.org, yi...@chromium.org >>>> >>>> Explainer >>>> >>>> https://github.com/explainers-by-googlers/storage-access-for-fedcm >>>> >>>> Specification >>>> >>>> None (TBD) >>>> >>>> Summary >>>> >>>> Reconciles the FedCM and Storage Access APIs by making a prior FedCM >>>> grant a valid reason to automatically approve a storage access request. >>>> >>>> When a user grants permission for using their identity with a 3rd party >>>> Identity Provider (IdP) on a Relying Party (RP), many IdPs require >>>> third-party cookies to function correctly and securely. This proposal aims >>>> to satisfy that requirement in a private and secure manner by updating the >>>> Storage Access API (SAA) permission checks to not only accept the >>>> permission grant that is given by a storage access prompt, but also the >>>> permission grant that is given by a FedCM prompt. >>>> >>>> A key property of this mechanism is limiting the grant to cases >>>> explicitly allowed by the RP via the FedCM permissions policy, enforcing a >>>> per-frame control for the RP and preventing passive surveillance by the IdP >>>> beyond the capabilities that FedCM already grants, as outlined in the >>>> Privacy >>>> Considerations >>>> <https://github.com/explainers-by-googlers/storage-access-for-fedcm?tab=readme-ov-file#privacy-considerations> >>>> . >>>> >>>> >>>> Blink component >>>> >>>> Blink>StorageAccessAPI >>>> >>>> TAG review >>>> >>>> None >>>> >>>> TAG review status >>>> >>>> N/A >>>> >>>> Risks >>>> >>>> >>>> Interoperability and Compatibility >>>> >>>> None >>>> >>>> >>>> >>>> Gecko: No public signals, positive initial signals >>>> <https://docs.google.com/document/d/1jxqW4kvGdclIWsOlWMXWLGpwu1wOorST2Ol6vJKAjDE/edit#heading=h.y0ecc5cfr86n>. >>>> We will request a formal position. >>>> >>>> WebKit: No signal. We will request a formal position. >>>> >>>> Web developers: Positive <https://github.com/fedidcg/FedCM/issues/467> >>>> >>>> Other signals: >>>> >>>> WebView application risks >>>> >>>> Does this intent deprecate or change behavior of existing APIs, such >>>> that it has potentially high risk for Android WebView-based applications? >>>> >>>> N/A, not shipping on Android WebView. >>>> >>>> Goals for experimentation >>>> >>>> Evaluate the implementation, and the usability of the feature to ensure >>>> it adequately solves the problem. >>>> >>>> Ongoing technical constraints >>>> >>>> None >>>> >>>> Debuggability >>>> >>>> None >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>> >>>> No. It will not be supported in Android WebView. >>>> >>>> Is this feature fully tested by web-platform-tests? >>>> >>>> No. The implementation is primarily in permissions code in //chrome, >>>> which cannot be tested in WPTs since WPTs use a fake permission manager >>>> <https://crsrc.org/c/content/web_test/browser/web_test_permission_manager.h;drc=33b441e83b1f70381158fcafb0ecde9168b79524;l=28> >>>> in Chromium. >>>> >>>> Flag name on chrome://flags >>>> >>>> #fedcm-with-storage-access-api >>>> >>>> Finch feature name >>>> >>>> FedCmWithStorageAccessAPI >>>> >>>> Non-finch justification >>>> >>>> None >>>> >>>> Requires code in //chrome? >>>> >>>> True >>>> >>>> Estimated milestones >>>> >>>> M126 through M127 (inclusive). >>>> >>>> >>>> Link to entry on the Chrome Platform Status >>>> >>>> https://chromestatus.com/feature/5116478702747648 >>>> >>>> Links to previous Intent discussions >>>> >>>> Intent to prototype: >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4iogs7O60r0YcVnDB5aCvs9WUYjWFcuHqcFi5bXLRBOig%40mail.gmail.com >>>> >>>> This intent message was generated by Chrome Platform Status. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9a75fe74-ca55-4ddc-93d7-120adfdee49en%40chromium.org >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9a75fe74-ca55-4ddc-93d7-120adfdee49en%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b4effd10-8b45-478a-8d73-ba0a766688efn%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b4effd10-8b45-478a-8d73-ba0a766688efn%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_VKPeXJ5aX%3Dwnaeoxha5uoNaRr78A7e9uoeCvF%2BvaFLQ%40mail.gmail.com.
