Intent to Continue Experimenting: First-Party Sets and 'SameParty' cookie attribute

[Chris Fredrickson]

Contact emails

{cfredric, chlily, kaustubhag, shuuran}@chromium.org

Explainer

https://github.com/privacycg/first-party-sets

https://github.com/cfredric/sameparty

Summary

Introduce a mechanism by which a set of registrable domains (a "First-Party Set") can declare themselves to be the same "party" or entity, such as web properties owned by the same company, or domains with different ccTLDs used by the same website. (A First-Party Set applies to all HTTPS origins with a registrable domain that is the owner or a member element of the set.) Allow sites to indicate which cookies are intended to be set or sent in contexts where all ancestor frames belong to the same First-Party Set.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/-unZxHbw8Pc/m/_23CsOkHAQAJ

Goals for experimentation

To get feedback on the First-Party Sets and `SameParty` proposals; test First-Party Set functionality within a limited prototype; evaluate the current First-Party Set policy; and increase awareness of the First-Party Set and SameParty features.

(These are the same goals as in the original Intent to Experiment, we would just like to give interested partners more time to set up the experiment. See below.)

Experimental timeline

M89 to M93.

Any risks when the experiment finishes?

Sites should not rely on the 'SameParty' attribute to access their cookies in same-party, cross-site contexts after the experiment finishes.

Reason this experiment is being extended

An origin trial for First-Party Sets and SameParty started in Chrome M89 and is scheduled to end in Chrome M91. However, parties who have signed up for the Origin Trial are either in the process of completing or recently completed all steps required for registration. We would like to give these participants more time to set up for the experiment. This feature therefore still needs feedback.

Original experiment: https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/XkWbQKrBzMg/m/OifyvdHOAQAJ

Ongoing technical constraints

None.

Debuggability

The DevTools Cookies panel displays appropriate tooltips when cookies are blocked due to the 'SameParty' attribute. 

Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

No. This feature will be supported on Windows, Mac, Linux, Chrome OS, and Android, but will initially not be supported on Android WebView. This feature depends on First-Party Sets, which will initially not be supported on Android WebView due to the Component Updater dependency during the initial prototype phase.

Link to entry on the feature dashboard

https://chromestatus.com/feature/5640066519007232

https://chromestatus.com/feature/5280634094223360

[Mike West]

LGTM to extend from M91 to M93, given that there were delays in participants signing up for the OT.

-mike

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b57084f6-e87f-4399-98d7-785b00365583n%40chromium.org.