We've discussed your intent within security + privacy teams. The discussion raised a number of concerns, but we couldn't find enough detail to either substantiate or allay them. This unfortunately makes it difficult to give you actionable feedback.
Our thoughts: This API effectively packages a permission / user interaction in a token and allows it to be sent somewhere else, creating a permission-capability-thing. This raises a number of questions:
- The idea of gating functionality on user interaction is to make sure that the user understands what they are interacting with. If a user interaction is 'packaged' and sent for consumption elsewhere, does this still hold? Could a malicious user put the 'packaged' interaction to a surprising use?
- Are there limits on where it can be passed? Could it be passed - via a server round-trip - to another site running in the same browser?
- Is there any info on the API that would consume the token?
- The token is unspecified, but seems to follow the pattern of 'unguessable secret number'. The problem here is with the Spectre attack family, where we've had to change our assumptions and now assume that any data within a process is potentially readable, even by sandboxed code. Under this assumption, could the token be read by an unintended recipient?
We were also a bit unclear on the use cases, and the relationship to feature policy.
Mustaq, could you maybe update the docs to include this type of information? We'd like to take a second look at it.