Intent to Prototype: Partitioning Storage, Service Workers, and Communications APIs


Ben Kelly

May 3, 2021, 12:11:30
to blink-dev

Intent to Prototype: Partitioning Storage, Service Workers, and Communications APIs

Contact Emails

m...@chomium.org

wande...@chromium.org

mike...@chromium.org

Explainer

https://github.com/wanderview/quota-storage-partitioning/blob/main/explainer.md

Specification

None currently.

Design Docs

None currently.

Summary

We intend to partition a number of APIs in 3rd party contexts.  This effort is focused on partitioning APIs above the network stack.  This includes quota-managed storage, service workers, and communication APIs (like BroadcastChannel).  See the explainer for more details.

Blink Component

Blink>Storage

Blink>ServiceWorker

Motivation

Partitioning is intended to address known, existing privacy and security issues in 3rd party contexts.

TAG Review

https://github.com/w3ctag/design-reviews/issues/629

TAG Review Status

Pending

Risks

We are not intending to provide an escape hatch for 3rd party contexts to access 1st party storage; i.e. no requestStorageAccess().  We feel solutions like requestStorageAccess() produce either a bad experience for users with prompts or an unpredictable platform for developers with heuristics.  See the explainer for more discussion of this topic.


Not providing an escape hatch means this effort is at greater web compatibility risk.  We are attempting to remove some capabilities to remove privacy and security abuses, but it's possible we will encounter a use case that we did not anticipate that blocks shipping.  We believe that partitioning these APIs will be mostly compatible, however, since they are typically not used for storing authentication state.  We do plan to deprecate 3rd party cookies as well, but there are separate efforts, like WebId, targeted at mitigating the authentication issue.


There is also some feedback from developers that partitioning has not been a problem in other browsers.

Interoperability and Compatibility

Will the feature be supported on all six Blink platforms?

Yes.

Is this feature fully tested by web-platform-tests?

Not yet.

Tracking Bug

crbug.com/1191114

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5723617717387264


Ben Kelly

May 4, 2021, 14:27:28
to blink-dev
FYI, we have some design ready for this effort:
Note, there may be some cross-links to other documents that are still private internal drafts.  We will post here when those are available.

Ben Kelly

September 10, 2021, 14:28:10
to blink-dev
We also now have a public design doc for WebLocks.