[w3ctag/design-reviews] Permissions Policy reports for iframes (Issue #1050)

Hello, TAG members!

I'm requesting a TAG review of Permissions Policy reports for iframes.

I'd like to introduce a new Permissions Policy violation type called `Potential Permissions Policy violation`, which will only look at Permissions Policy (including report-only policy) and the `allow` attribute set in iframes to detect the conflict between the Permissions Policy enforced and the permissions propagated to iframes. The Potential Permissions Policy violation reports will be sent to the embedder's reporting endpoint, instead of the iframe's reporting endpoint.

  - Explainer: https://gist.github.com/shhnjk/48ca9d1c41e0eebed0f452bfd612d787
  - Specification: [1](https://github.com/w3c/webappsec-permissions-policy/pull/546), [2](https://github.com/w3c/webappsec-permissions-policy/pull/559)
  - WPT Tests: https://github.com/web-platform-tests/wpt/pull/49978
  - User research:
  - Security and Privacy self-review: https://gist.github.com/shhnjk/9ef1f57f429b13c1c3acf3649fbf0bb0
  - GitHub repo: https://w3c.github.io/webappsec-permissions-policy/
  - Primary contacts:
      - Jun Kokatsu (@shhnjk), Google, Implementer
      - Ian Clelland (@clelland), Google, Permissions Policy Spec Editor
  - Organization/project driving the specification: Google
  - Multi-stakeholder support:
    - Chromium comments: https://groups.google.com/a/chromium.org/g/blink-dev/c/3PMdpmPPXu0/m/3BnXkyVfDAAJ
    - Mozilla comments: https://github.com/mozilla/standards-positions/issues/1164
    - WebKit comments: https://github.com/WebKit/standards-positions/issues/448
  - Status/issue trackers for implementations: https://chromestatus.com/feature/5154241037205504

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Previous early design review, if any: N/A
  - Relevant time constraints or deadlines: I'd like to ship this soon
  - The group where the work on this specification is currently being done: WebAppSec
  - Major unresolved issues with or opposition to this specification:
  - This work is being funded by: Google

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1050

Message ID: <w3ctag/design-reviews/issues/1050@github.com>

Received on Tuesday, 11 February 2025 23:47:55 UTC
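
An added example, not part of the original message or of the specification: a simplified JavaScript check for the conflict the request describes, where an iframe's `allow` attribute delegates a feature that the embedder's `Permissions-Policy` header does not allow for that frame's origin. The parsing is a deliberate simplification rather than the spec algorithm, and the function names, origins and header values are constructed for illustration.

```javascript
// Simplified Permissions-Policy header parser (assumption: not full Structured Fields).
function parseHeader(value) {
  const policy = new Map();
  for (const m of value.matchAll(/([a-z0-9-]+)\s*=\s*(\*|\(([^)]*)\))/g)) {
    const tokens = m[2] === "*" ? ["*"]
      : m[3].split(/\s+/).filter(Boolean).map(t => t.replace(/"/g, ""));
    policy.set(m[1], tokens); // e.g. "camera" -> [], "fullscreen" -> ["*"]
  }
  return policy;
}

// Parse an allow attribute; a feature with no allowlist defaults to 'src'.
function parseAllow(attr, srcOrigin, selfOrigin) {
  const out = [];
  for (const part of attr.split(";")) {
    const [feature, ...list] = part.trim().split(/\s+/).filter(Boolean);
    if (!feature) continue;
    for (const raw of list.length ? list : ["src"]) {
      const t = raw.replace(/'/g, "");
      if (t === "none") continue;
      const origin = t === "self" ? selfOrigin : (t === "src" || t === "*") ? srcOrigin : t;
      out.push({ feature, origin });
    }
  }
  return out;
}

// List delegations to a frame's origin that the embedder's header does not allow.
function findConflicts(headerValue, selfOrigin, iframes) {
  const policy = parseHeader(headerValue);
  const conflicts = [];
  for (const { src, allow } of iframes) {
    const srcOrigin = new URL(src).origin;
    for (const { feature, origin } of parseAllow(allow, srcOrigin, selfOrigin)) {
      const list = policy.get(feature);
      if (!list || origin !== srcOrigin) continue; // header silent, or not this frame
      const viaSelf = list.includes("self") && origin === selfOrigin;
      if (!(list.includes("*") || list.includes(origin) || viaSelf))
        conflicts.push({ feature, origin, src });
    }
  }
  return conflicts;
}

// Constructed sample input (not from the original message).
const SAMPLE_HEADER = 'camera=(), geolocation=(self "https://maps.example"), fullscreen=*';
const SAMPLE_FRAMES = [
  { src: "https://maps.example/embed", allow: "geolocation; camera" },
  { src: "https://video.example/player", allow: "fullscreen; geolocation 'src'; microphone" },
];
```

Calling `findConflicts(SAMPLE_HEADER, "https://app.example", SAMPLE_FRAMES)` flags `camera` for the maps frame and `geolocation` for the video frame; `microphone` is not flagged because the header says nothing about it.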