[w3ctag/design-reviews] Capability Delegation (#655) from Mustaq Ahmed on 2021-06-30 (public-webapps-github@w3.org from June 2021)

From: Mustaq Ahmed <notifications@github.com>
Date: Wed, 30 Jun 2021 13:29:57 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/655@github.com>

Ya ya yawm TAG!

I'm requesting a TAG review of Capability Delegation.

"Capability delegation" means allowing a frame to relinquish its ability to call a restricted API and transfer the ability to another (sub)frame it trusts. The focus here is a dynamic delegation mechanism which exposes the capability to the target frame in a time-constrained manner (unlike `<iframe allow=...>` attribute which is not time-constrained).

  - Explainer: https://wicg.github.io/capability-delegation/

  - Specification URL: https://wicg.github.io/capability-delegation/spec.html

  - Tests: Not available yet.
  - Security and Privacy self-review: https://github.com/WICG/capability-delegation/blob/main/security_and_privacy_questionnaire.md

  - GitHub repo: [WICG/capability-delegation](https://github.com/WICG/capability-delegation)
  - Primary contacts (and their relationship to the specification):
      - Mustaq Ahmed (@mustaqahmed), Google
  - Organization(s)/project(s) driving the specification: Google Chrome
  - Key pieces of existing multi-stakeholder review or discussion of this specification:
      - Stripe publicly supported this proposal [in the WICG discourse thread](https://discourse.wicg.io/t/capability-delegation/4821/3).
      - A comment from HTML editor about fixing a [Screen Capture issue](https://github.com/w3c/mediacapture-screen-share/issues/167#issuecomment-821290060).
      - This proposal also addresses concerns raised in [this related TAG review](https://github.com/w3ctag/design-reviews/issues/347#issuecomment-529793544).
  - External status/issue trackers for this specification: https://www.chromestatus.com/feature/5708770829139968


Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://w3ctag.github.io/design-principles/)
  - Relevant time constraints or deadlines: 
  - The group where the work on this specification is currently being done: WICG
  - The group where standardization of this work is intended to be done: WHATWG and Web Payments
  - Major unresolved issues with or opposition to this specification: None so far
  - This work is being funded by: Google Chrome

You should also know that our [previous TAG request](https://github.com/w3ctag/design-reviews/issues/347) to delegate user activation raised valid concerns about being too generic, so we limited the scope of delegation here to a particular API.  More details can be found in [this section](https://docs.google.com/document/d/1IYN0mVy7yi4Afnm2Y0uda0JH8L2KwLgaBqsMVLMYXtk/edit#bookmark=id.2pydwea2nh99) in the design doc.

We'd prefer the TAG provide feedback as:
  🐛 open issues in our GitHub repo for **each point of feedback**

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/655

Received on Wednesday, 30 June 2021 20:30:09 UTC