Re: [w3ctag/design-reviews] Capability Delegation (#655)

> Under further review and reading through the entire list of standardized features, we are concerned about making all features available for delegation. More specifically, if a top level document is granted camera, usb, web-share etc. permission, it shouldn't be able to delegate without additional user consent.

That's a valid point, thanks for highlighting this.

This proposal is not meant to cover the delegation of "all features".  Instead, it just defines an interface for delegation, which can be used by individual feature-owners in future **_if_** they decide to make the feature available for delegation.

To further emphasize this perspective, our [monkey-patch to Payment Request spec](https://wicg.github.io/capability-delegation/spec.html#monkey-patch-to-payment-req) (developed in consultation with that spec's owners) is just one specific example we added for the sake of completeness of the Capability Delegation proposal.  Without such a concrete example, it is impossible to convey the details of delegation.

Each individual feature-owner would run a separate review process when proposing a change to the corresponding feature's spec in future.  For example, if the `camera` spec-owners decide to allow delegating this feature in future, they would need to define the delegated behavior of this feature.  Such a definition would require a detailed spec change on their side, hence would call for a feature-specific review.

> Our recommendation is to specify an allowed subset of features, namely payments and fullscreen (from what I can tell are current use cases) and be explicit about it in your spec.

That's a great recommendation, thanks.  It seems we can easily incorporate this "allowed subset" idea by conveying the success/failure status of the `postMessage()` call that initiates a delegation.  For example, we can throw an exception if developers try to delegate a capability not available for delegation.

I will start updating the proposal in a few days and ping this thread when done.  In the meantime, if anyone finds any problems with this, please let me know.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/655#issuecomment-953307820

Received on Wednesday, 27 October 2021 21:01:40 UTC