- From: Anton Maliev <notifications@github.com>
- Date: Tue, 28 Nov 2023 20:18:41 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/919@github.com>
Hello TAG!

I'm requesting a TAG review of Storage Access Heuristics.

The web is moving to deprecate third-party cookies, and not every site developer will have the time and bandwidth to implement workarounds to mitigate user-facing breakage. In particular, flows involving authentication tokens from identity providers are a common web pattern that relies on third-party cookies to operate. This explainer outlines a proposal for granting temporary storage access when a user satisfies certain predefined flows, chosen to balance web compatibility efforts and security/privacy goals.

- Explainer¹ (minimally containing user needs and example code): https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md
- Specification URL: https://github.com/whatwg/compat/pull/253
- Tests: In progress
- User research: N/A
- Security and Privacy self-review²: https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/tag-privacy-security.md
- GitHub repo (if you prefer feedback filed there): https://github.com/amaliev/3pcd-exemption-heuristics
- Primary contacts (and their relationship to the specification):
  - [Anton Maliev] (amaliev, Google): Primary spec author
  - [Johann Hofmann] (johannhof, Google): Primary spec reviewer
  - [Jeffrey Yasskin] (jyasskin, Google): Primary spec reviewer
- Organization(s)/project(s) driving the specification: Google, Privacy Sandbox
- Key pieces of existing multi-stakeholder review or discussion of this specification:
  - MDN docs for this feature: https://developer.mozilla.org/en-US/docs/Web/Privacy/Storage_Access_Policy#automatic_storage_access_upon_interaction
  - Safari docs for this feature: https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/#:~:text=Temporary%20Compatibility%20Fix%3A%20Automatic%20Storage%20Access%20for%20Popups
  - PrivacyCG discussion: https://github.com/privacycg/proposals/issues/42
  - TPAC presentation: [TPAC 2023 - Third-party Cookie Deprecation Exemption Heuristics](https://docs.google.com/presentation/d/1Ao67urE4Y5eoklngX5QtysRqN7_3aossG9cS3cFHTc8/edit?usp=sharing)
- External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5181771549507584

Further details:

- [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
- Relevant time constraints or deadlines: We’re planning to enable this in Chrome M120 (by 12/14/2023) for the [Third-Party Cookie Deprecation](https://groups.google.com/a/chromium.org/g/blink-dev/c/RG0oLYQ0f2I/m/xMSdsEAzBwAJ).
- The group where the work on this specification is currently being done: WHATWG / Web compat
- The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): Proposed in PrivacyCG
- Major unresolved issues with or opposition to this specification: While other browsers ship these heuristics, there is some lack of clarity regarding to what extent we’d like to specify / standardize them. All involved stakeholders intend for them to be temporary, which is why we opted for specification in the Web Compat spec vs. standardization into HTML.
- This work is being funded by: Google

You should also know that…

N/A

We'd prefer the TAG provide feedback as (please delete all but the desired option):

🐛 open issues in our GitHub repo for **each point of feedback**

--
Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/919
Received on Wednesday, 29 November 2023 04:18:46 UTC