Re: Reminder: RfC: Last Call Working Draft of Web Workers; deadline April 21 from Andrew Wilson on 2011-04-21 (public-webapps@w3.org from April to June 2011)

From: Andrew Wilson <atwilson@google.com>
Date: Wed, 20 Apr 2011 17:58:26 -0700
To: Jonas Sicking <jonas@sicking.cc>
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Travis Leithead <Travis.Leithead@microsoft.com>, Arthur Barstow <art.barstow@nokia.com>, "public-webapps-request@w3.org" <public-webapps-request@w3.org>, Adrian Bateman <adrianba@microsoft.com>, public-webapps <public-webapps@w3.org>
Message-ID: <BANLkTinqKZL_-h6dD3aZAe0d20RigRoP5A@mail.gmail.com>

On Wed, Apr 20, 2011 at 4:05 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>
>
> That's why we're working on trying to fix fingerprinting.
>
> The point is that privacy is something that we're all working on
> trying to improve (right?), and the WebWorkers spec needs to be
> changed to aid with that. As far as I can see all that's needed is to
> say that a UA is allowed to not share a worker, and ideally point out
> that such sharing could be disabled when the frame-parent chain
> contains cross origin iframes.
>

Thanks for the clarification, Jonas. So I'm concerned that a blanket
prohibition would break legitimate use cases (iframe-based widgets on a page
communicating with one another). Let's say we have the following:

Top Level Window - http://a.com
    Iframe_one - http://b.com
    iframe_two - http://b.com

Top Level Window - http://c.com
    iframe_three - http://b.com

If iframe_one, two, and three all create the same shared worker, would any
sharing be allowed in the situation you propose? I would at least want
iframe_one and iframe_two to end up referencing a common instance, even if
privacy policy caused iframe_three to get a separate instance because the
top-level window was pointed at c.com instead of a.com.

This seems reasonable to me - I suspect that's what you (and Travis) were
suggesting, but I wasn't positive.

Received on Thursday, 21 April 2011 00:58:53 UTC