Proposing updates to First-Party Sets based on community feedback and upcoming WICG call from Kaustubha Govind on 2022-08-10 (public-privacycg@w3.org from August 2022)

From: Kaustubha Govind <kaustubhag@google.com>
Date: Wed, 10 Aug 2022 17:20:44 -0400
To: public-privacycg@w3.org
Message-ID: <CAHTnisRmEkeHpH-f-Sntjr1KNxug=TMEbpgttCMsBNLomvaSWg@mail.gmail.com>

Hi Privacy Community Group members,

First-Party Sets is a proposal that was previously incubated in this forum,
and has since moved to the WICG [1] for further development.

We wanted to inform you all that we are proposing changes to the proposal
[2] in response to the feedback received from this group.

Here is a high-level summary of the proposed changes, but we encourage you
to read the proposal for additional details:

Leverage the Storage Access API [3] for sites to request cross-site
cookie access, instead of the SameParty attribute [4].
-

This is in response to feedback from browser implementers that
cross-site cookie access by default within a FPS poses privacy concerns,
and that a mechanism like the Storage Access API is preferred to mediate
such access.
-

Define a set through use-case-specific "subsets" [5]. Each subset
category will have its own requirements, and browser handling approach.
-

Since each type of "subset" has a different set of considerations
around user understanding and ability to run technical checks for
conformance to requirements; a more granular approach allows us to
implement controls relevant to each category.

If you are interested in further discussion, we are organizing a WICG call
on Wednesday, August 17 2022, at 9am PT/12pm ET/6pm CET. Please see [6] for
more information on joining this and future calls. As always, you are also
welcome to engage via issues on the repository.

Thank you,

Kaustubha Govind, on behalf of First-Party Sets editors

[1] https://www.w3.org/community/wicg/

[2] https://github.com/WICG/first-party-sets/issues/92

[3]
https://github.com/krgovind/first-party-sets#leveraging-the-storage-access-api

[4] https://github.com/cfredric/sameparty

[5]
https://github.com/krgovind/first-party-sets#defining-a-set-through-use-case-based-subsets

[6] https://github.com/WICG/first-party-sets/issues/89

Received on Wednesday, 10 August 2022 21:21:09 UTC