Intent to Deprecate and Remove: Related Website Sets (RWS)

[Johann Hofmann]

Contact emails

joha...@google.com, kaust...@google.com

Explainer

https://github.com/WICG/first-party-sets 

Specification

https://wicg.github.io/first-party-sets/  

Summary

Related Website Sets (RWS), formerly known as First Party Sets, provides a framework for developers to declare relationships among sites, to enable limited cross-site cookie access for specific, user-facing purposes. This is facilitated through the use of the Storage Access API (SAA) and requestStorageAccessFor (rSAFor). RWS was designed for use in a browser without third-party cookies. Following Chrome's announcement that the current approach to third-party cookies will be maintained, we are now planning to deprecate and remove Related Website Sets (RWS). 

Once RWS is deprecated; existing usage of SAA across contexts within a set will fall back to the API’s behavior outside of RWS as specified here. The difference in SAA behavior outside of RWS is well illustrated in our developer blogpost here.

The companion rSAFor API will also be deprecated via a separate intent.  

We also intend to deprecate RWS-related Chrome Enterprise policies, as well as the chrome.privacy.relatedWebsiteSetsEnabled extension API; and will follow the relevant processes.

Blink component

Privacy

Web Feature ID

None

Motivation

Chrome has announced that the current approach to third-party cookies will be maintained. RWS usage is indicated by the number of registered sets (currently at 71 sets), and the usage of the requestStorageAccessFor API (currently at about 0.95% of pageloads), and after this announcement we intend to archive the registration repository, and expect adoption of rSAFor to decrease over time. 

We will continue to monitor usage and aim to drive it down prior to removal by proactively informing set owners of the deprecation timelines and request them to turn down usage. Further, other browser engines have not signaled interest in launching the API, obviating any interoperability concerns. 

Debuggability

N/A

Requires code in //chrome?

False

Estimated milestones

Deprecate in M144, and target M150 for removal.

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5640066519007232

This intent message was generated by Chrome Platform Status.

[Johann Hofmann]

Apologies, I used the wrong Chromestatus link (the original feature status), this one is correct: https://chromestatus.com/feature/5194473869017088

[Rick Byers]

I guess the worst case breakage here is just a return to the old world where users who opt-out of 3PCs may see some breakage they can only fix with cookie exceptions. It's a shame, but not really a new compat concern IMHO.

LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4gxedpHS8XLQJVfax5V7hn%2BBPUqv%3DC%2BYAdsqDknd0baBQ%40mail.gmail.com.

[Mike Taylor]

Ignoring rSAFor (which is handled in a different intent), from what I can tell deprecating RWS for sites that are using requestStorageAccess will just result in more permission prompts for users. 

LGTM2

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY-31pekOvHWeJnHAzQSCPzzf-SZHmianvpx273pJLuGDg%40mail.gmail.com.