Re: [w3ctag/design-reviews] COOP: restrict-properties early review (Issue #760)

Hi @torgo !

I've written a new explainer here with the latest developments: https://github.com/hemeryar/coi-with-popups. It's not complete but should give you a good idea of how the development process is going.

We've tried to adjust the design to make the feature as usable as possible to avoid having to add yet another policy in the future. This should work for all common cases. The current characteristics (same-origin same coop can DOM script, third party iframe can open functional popups, window.name gets restored after going back to a COOP: restrict-properties page, etc.) are designed for this purpose.

We're also planning on adding a new spec concept, the COOP group, which encompasses multiple browsing context groups that have limited access to each other. This allows us to modify the standard for non COOP: restrict-properties documents as little as possible. No new agent cluster keying, no new capabilities for browsing context groups, etc. If you're not interacting with the feature you shouldn't have to care about it. This hopefully helps a bit with the complexity.

We're also discussing a modification of how COOP origins are inherited and used, to support COOP: restrict-properties, but also to have a unified and (hopefully) more comprehensive behavior. See https://github.com/whatwg/html/issues/8481 and https://github.com/hemeryar/coi-with-popups/blob/main/docs/cross_origin_iframe_popup.MD.

We're hoping to start the OT early this year on Chrome side.

Thanks!
Arthur

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/760#issuecomment-1429732265
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/760/1429732265@github.com>