Re: Origin-scoped cache/cookie/storage context

On Fri, Jan 10, 2014 at 3:13 AM, Anne van Kesteren <> wrote:

> On Fri, Jan 10, 2014 at 9:20 AM, Mike West <> wrote:
> > I like the concept very much. I'm unclear as to the practical
> implementation
> > you're proposing. How do sites opt-in to this sort of treatment? How do
> you
> > determine when a site ought to get credentials and when it shouldn't?
> I would expect opt-in to be similar to HSTS. Once done, the browser
> will remember that the given origin wants to be partitioned. And only
> if that origin is navigated to is its associated context (such as
> cookies and cache) available.
> It's not entirely clear if in different contexts (when something else
> is navigated to) isolated origins should be given special treatment.
> This came out of a discussion we had about hosted apps and similar
> experiments and how they are different from the web you browse and
> whether we should make that into something you can opt into. (I hope
> this addresses Henri's question too.)

We have actually attempted implementing such isolation based on ideas in a
Charlie Reis, Adam Barth, et al. I've even used it and blogged about
to try this experimental feature at The
underlying partitioning code is still mostly in the Chromium source, but
will likely disappear in the not so distant future, but feel free to try it
out and experiment with the UX.

Instead of using HSTS, we implemented this on the client side for the
purpose of testing it out. We decided not to ship this in its current
implementation, because of the confusing user experience in our
implementation. The example scenario that is confusing for the user is a
news site with social networking buttons, which when clicked lead to
authentication prompts, even though the user is already logged into the
social network.
Our decision was to try and achieve the same end result though different
means, due to how we implement and enforce partitioning. We are currently
working on the first piece needed to get us there.

If you are interested in glory details of why it didn't work as users
expect it, let me know and I'll be happy to explain.


Received on Sunday, 12 January 2014 13:20:37 UTC