Intent to Prototype: Partitioning Storage, Service Workers, and Communications APIs

[Ben Kelly]

Intent to Prototype: Partitioning Storage, Service Workers, and Communications APIs

Contact Emails

m...@chomium.org

wande...@chromium.org

mike...@chromium.org

Explainer

https://github.com/wanderview/quota-storage-partitioning/blob/main/explainer.md

Specification

None currently.

Design Docs

None currently.

Summary

We intend to partition a number of APIs in 3rd party contexts.  This effort is focused on partitioning APIs above the network stack.  This includes quota-managed storage, service workers, and communication APIs (like BroadcastChannel).  See the explainer for more details.

Blink Component

Blink>Storage

Blink>ServiceWorker

Motivation

Partitioning is intended to address known, existing privacy and security issues in 3rd party contexts.

TAG Review

https://github.com/w3ctag/design-reviews/issues/629

TAG Review Status

Pending

Risks

We are not intending to provide an escape hatch for 3rd party contexts to access 1st party storage; i.e. no requestStorageAccess().  We feel solutions like requestStorageAccess() produce either a bad experience for users with prompts or an unpredictable platform for developers with heuristics.  See the explainer for more discussion of this topic.

Not providing an escape hatch means this effort is at greater web compatibility risk.  We are attempting to remove some capabilities to remove privacy and security abuses, but it's possible we will encounter a use case that we did not anticipate that blocks shipping.  We believe that partitioning these APIs will be mostly compatible, however, since they are typically not used for storing authentication state.  We do plan to deprecate 3rd party cookies as well, but there are separate efforts, like WebId, targeted at mitigating the authentication issue.

There is also some feedback from developers that partitioning has not been a problem in other browsers.

Interoperability and Compatibility

• Gecko: No official signal, but they are also investing in partitioning storage and have shipped partitioning in some non-default modes.

• Webkit: No official signal, but they have been partitioning storage in various forms for a long time.

Will the feature be supported on all six Blink platforms?

Yes.

Is this feature fully tested by web-platform-tests?

Not yet.

Tracking Bug

crbug.com/1191114

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5723617717387264

[Ben Kelly]

FYI, we have some design ready for this effort:

• Service Workers
  
• SharedWorker
  
• BroadcastChannel
  

Note, there may be some cross-links to other documents that are still private internal drafts.  We will post here when those are available.

[Ben Kelly]

We also now have a public design doc for WebLocks.