[w3ctag/design-reviews] Early Design Review: Opener Protections (Issue #916)

Hello, TAG!

I'm requesting a TAG review of Opener Protections.

This proposal seeks to prevent or limit same-origin cross-frame communication that can bypass [storage partitioning](https://developer.chrome.com/en/docs/privacy-sandbox/storage-partitioning/), and to do so in alignment with existing work on the [Cross-Origin-Opener-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy).

  - Explainer (minimally containing user needs and example code): [[url]](https://arichiv.github.io/opener-storage-partitioning/)
  - Security and Privacy self-review: See below
  - GitHub repo (if you prefer feedback filed there): https://github.com/arichiv/opener-storage-partitioning/issues
  - Primary contacts (and their relationship to the specification):
      - Ari Chivukula (@arichiv), Google Chrome
      - Johann Hofmann (@johannhof), Google Chrome
  - Organization/project driving the design: Google Chrome
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): TODO

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): Privacy CG
  - The group where standardization of this work is intended to be done ("unknown" if not known): Privacy CG
  - This work is being funded by: Google Chrome

We'd prefer the TAG provide feedback as:

  💬 leave review feedback as a **comment in this issue** and @-notify @arichiv, @johannhof

------------------------------------------------------------------------------------

1. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
    - This feature might expose whether or not user interaction has occurred to enable opener access between windows.
2. Do features in your specification expose the minimum amount of information necessary to enable their intended uses?
    - Yes; overall, it should reduce the amount of communication possible between windows.
3. How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?
    - This feature does not differentiate between the types of information communicated.
4. How do the features in your specification deal with sensitive information?
    - This feature does not differentiate between the types of information communicated.
5. Do the features in your specification introduce new state for an origin that persists across browsing sessions?
    - No.
6. Do the features in your specification expose information about the underlying platform to origins?
    - No.
7. Does this specification allow an origin to send data to the underlying platform?
    - No.
8. Do features in this specification enable access to device sensors?
    - No.
9. Do features in this specification enable new script execution/loading mechanisms?
    - No.
10. Do features in this specification allow an origin to access other devices?
    - No.
11. Do features in this specification allow an origin some measure of control over a user agent’s native UI?
    - No.
12. What temporary identifiers do the features in this specification create or expose to the web?
    - It would be possible to detect if permission to communicate cross-origin to another window had been granted.
13. How does this specification distinguish between behavior in first-party and third-party contexts?
    - The heuristic for communication may differ between first-party and third-party contexts.
14. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
    - This feature does not work differently in such contexts.
15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
    - Yes.
16. Do features in your specification enable origins to downgrade default security protections?
    - This feature does not downgrade default protections.
17. How does your feature handle non-"fully active" documents?
    - This feature cannot be used until the document is active.
18. What should this questionnaire have asked?
    - N/A

https://github.com/w3ctag/design-reviews/issues/916

Message ID: <w3ctag/design-reviews/issues/916@github.com>

Received on Monday, 13 November 2023 16:41:00 UTC