There's location.ancestorOrigins, but it does not allow that all in all
cases per current spec proposals.
> *TAG review*
> None
May I ask why?
> *Interoperability and Compatibility
> *This will permit WebAuthn operations where they would previously have
> been rejected, thus no compatibility issues.
This is not adressing the interop risk, right? This looks like it's
tied to Feature Policy, which is itself not something that particularly
has universal agreement on how it should work and whether it should be
implemented at all. That seems like a significant interop risk to me.
Well, there is a specific architectural question in terms of how the
permission is granted, no?
> If the question is "what are the risks that other browsers won't
> implement this" then a) the use of Feature Policy came from the Mozilla
> rep to WebAuthn (J. C.)
That is not my understanding of what happened per my conversation with
him just now, for what it's worth. I've asked him to follow up in this
thread.
> but Mozilla's major constraint is resources, so
> they might not implement but for entirely prioritisation-based reasons.
That is NOT a correct representation of Mozilla's position on Feature
Policy.
If the question is "what are the risks that other browsers won't implement this" then a) the use of Feature Policy came from the Mozilla rep to WebAuthn (J. C.)
Please note I had been raising the issue of whether Permissions was more appropriate. I neither remember nor can find in the minutes where I championed Feature Policy above Permissions.
Rather, we reached a compromise documented here: https://github.com/w3c/webauthn/issues/911#issuecomment-486394287
on 24-Apr-2019 call: we are going to just alloc the feat policy string, and provide some nominal guidance say in a Note: and see what the feedback is, and target L2-WD-01
I wasn’t intending my support of the PR for allocating the string and seeing “what the feedback is” to indicate Mozilla was supporting Feature Policy. I also wasn’t aware of the intricacies of the situation with regards to Feature Policy. I apologize for my mistake here.
Right, the job of the TAG is to provide the wider W3C context...
Part of the motivation behind the permission delegation aspect of
Feature Policy is to be able to put blame on the first-party in
user-facing UI. Basically, to drastically reduce the number of places
where implementation details of a site leak to the user in ways that
we should not expect users to understand.
I think it's generally accepted that it would be weird for arbitrary cross-origin iframes to be able to trigger WebAuthn operations.
Part of the motivation behind the permission delegation aspect of
Feature Policy is to be able to put blame on the first-party in
user-facing UI. Basically, to drastically reduce the number of places
where implementation details of a site leak to the user in ways that
we should not expect users to understand.
On Mon, Aug 12, 2019 at 7:31 PM Boris Zbarsky <bzba...@mit.edu> wrote:Right, the job of the TAG is to provide the wider W3C context...Hopefully J. C. will be on the WebAuthn call this week and I'll ask him to check in and clarify Mozilla's position. I thought that we had adopted Mozilla's suggested path here but could be misremembering.
For feature policy control, I feel the most important question is "is this a feature which ought to be delegated to cross-origin frames?" WebAuthn feels like a feature which fits that model, in that it is available to top-level documents, but as you say,On Tue, Aug 13, 2019 at 12:04 PM Adam Langley <a...@chromium.org> wrote:I think it's generally accepted that it would be weird for arbitrary cross-origin iframes to be able to trigger WebAuthn operations.In that case, it only makes sense for the top-level document to be able to delegate that capability to specific subframes (and if they need to, they can delegate it further). That's exactly the case that feature policy was designed for.
On Tue, Aug 13, 2019 at 7:52 AM Anne van Kesteren <ann...@annevk.nl> wrote:Part of the motivation behind the permission delegation aspect of
Feature Policy is to be able to put blame on the first-party in
user-facing UI. Basically, to drastically reduce the number of places
where implementation details of a site leak to the user in ways that
we should not expect users to understand.The question of being able to report a subframe's actions to the user *as if* it were the top-level origin which performed them makes sense in many cases, but not all, and I don't think that should be the only consideration. Especially in a case like this, where it's actually useful/important for the user to know which party they're authenticating to.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADnb78gTDaYH5NuqO7gQ83g50MtsGbiUvgVBsOgrt%2B6M6F6BEg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKrsyeW-qdyO9LTdb8SzBZ9bd5F%3DMPgMwTd0RxGK9HyA6w%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Ddefpi-QVTMFtkfMK3RBcf_6xh%2BCF1_2077kv5w-6ebXw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY87OwU_vsehHTSw9CFL6Sx3fztwO8Lbq%3DxDbe2Uc6_Eyg%40mail.gmail.com.