Re: [w3ctag/design-reviews] Capability Delegation (#655)

Hi @hadleybeeman. It's true that advertisers could now ask top-level sites to delegate them a capability instead of just requiring their ad script to run (which gives them arbitrary permissions). However, the ability of top-level sites to delegate the capability is ephemeral both in when it can be done and how long it can be used.

1. It can only be done when the top-level site has user activation (e.g. click). This means the ad-frame could not expect to have the capability at any arbitrary time which would make it difficult to enforce (i.e. the ad-frame wouldn't know whether it doesn't have the capability because the host site didn't grant it, or because the host site didn't get an activation for it yet).
2. The capability itself is very short-lived. When granted, the ad-frame can only use it for a very short window of time.

Additionally, the specific capability is explicitly granted so it is easier to audit than ad-script.

https://github.com/w3ctag/design-reviews/issues/655#issuecomment-902015513

Received on Thursday, 19 August 2021 15:35:02 UTC