Comments (6)
martinthomson
commented on August 14, 2024
2
The chairs need to confer on this one, but it looks like we have the requisite interest.
from proposals.
johannhof
commented on August 14, 2024
See prior discussion at privacycg/storage-access#102
To address the potential question of "shouldn't we continue to do this work in the Storage Access API repository?", I'd like to say from an editor's perspective that we'd prefer to "freeze" the scope of current spec work on SAA to what's shipping in browsers today and only fix bugs and integration with cookies to allow for graduation into HTML. Outsourcing new proposals into their own work items under Privacy CG makes sense to me.
cc @annevk @bvandersloot-mozilla to correct me if this doesn't match their view
from proposals.
annevk
commented on August 14, 2024
I think Iād be pretty flexible for smaller proposals. Really depends on how much ends up needing to fundamentally change. (And if we somehow manage to not get cookie integration done we might have to reconsider as well, but Iām optimistic we can do it based on our progress thus far.)
from proposals.
johannhof
commented on August 14, 2024
@privacycg/chairs I think this got generally positive reception at the last call, any concerns with adopting this?
from proposals.
arichiv
commented on August 14, 2024
Proposed IDL: https://github.com/arichiv/saa-non-cookie-storage/blob/main/idl.md
Chrome OT launched in M120 for some parts, the rest are coming in M121.
from proposals.
arichiv
commented on August 14, 2024
Two additional explainers (each of which is an extension to Storage Access API (SAA) to non-cookie storage) have been published!
Explainer: Extending Storage Access API (SAA) to omit unpartitioned cookies
The current Storage Access API requires that unpartitioned cookie access is granted if any unpartitioned storage access is needed. This forces unpartitioned cookies to be included in network requests which may not need them, having impacts on network performance and security. Before the extension ships, we have a chance to fix this behavior without a compatibility break.
Explainer: Extending Storage Access API (SAA) to Shared Workers
There has been increasing developer and implementer interest in first-party workers being available in third-party contexts the same way that third-party cookies already can be. In the absence of such a solution, we leave developers without a robust way to manage cross-tab state for frames loading the same origin. This explainer proposes a solution for developers to regain third-party access to Shared Workers in select instances to avoid user-facing breakage in browsers shipping storage partitioning.
Let's discuss this at the next Privacy CG meeting.
from proposals.
Related Issues (20)
- Fenced Frames HOT 10
- Ad Topic Hints HOT 15
- Suggested and User-Specified Hierarchical Interests (SUSHI) HOT 1
- Privacy-Safe Storage API HOT 9
- Referrer trimming: Edge's behaviour? HOT 1
- Cookies Having Independent Partitioned State (CHIPS) HOT 3
- Privacy by design with browser-managed E2E encryption and Fenced Frames HOT 3
- Privacy by design with browser-managed E2E encryption with FIDO Protocol and Hardware keys
- Import/export passwords in keepass format for all browsers
- bounce tracking mitigations HOT 3
- requestStorageAccessFor: Page-level cross-site cookie grant API HOT 7
- DNS TLD for Privacy HOT 10
- Web hardware revocation API HOT 3
- Possible Intention Signal stronger than a simple user-gesture requirement
- Privacy policy discovery. HOT 26
- Fragment Directives API HOT 8
- Third-party Cookie Access Heuristics explainer HOT 7
- Opener Protections HOT 5
- Storage Access Headers HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from proposals.