Intent to Continue Experimenting: First-Party Sets and 'SameParty' cookie attribute

121 views
Skip to first unread message

Chris Fredrickson

unread,
Apr 29, 2021, 1:41:54 PMApr 29
to blink-dev

Contact emails

{cfredric, chlily, kaustubhag, shuuran}@chromium.org


Explainer

https://github.com/privacycg/first-party-sets

https://github.com/cfredric/sameparty


Summary

Introduce a mechanism by which a set of registrable domains (a "First-Party Set") can declare themselves to be the same "party" or entity, such as web properties owned by the same company, or domains with different ccTLDs used by the same website. (A First-Party Set applies to all HTTPS origins with a registrable domain that is the owner or a member element of the set.) Allow sites to indicate which cookies are intended to be set or sent in contexts where all ancestor frames belong to the same First-Party Set.


Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/-unZxHbw8Pc/m/_23CsOkHAQAJ


Goals for experimentation

To get feedback on the First-Party Sets and `SameParty` proposals; test First-Party Set functionality within a limited prototype; evaluate the current First-Party Set policy; and increase awareness of the First-Party Set and SameParty features.

(These are the same goals as in the original Intent to Experiment, we would just like to give interested partners more time to set up the experiment. See below.)


Experimental timeline

M89 to M93.


Any risks when the experiment finishes?

Sites should not rely on the 'SameParty' attribute to access their cookies in same-party, cross-site contexts after the experiment finishes.


Reason this experiment is being extended

An origin trial for First-Party Sets and SameParty started in Chrome M89 and is scheduled to end in Chrome M91. However, parties who have signed up for the Origin Trial are either in the process of completing or recently completed all steps required for registration. We would like to give these participants more time to set up for the experiment. This feature therefore still needs feedback.

Original experiment: https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/XkWbQKrBzMg/m/OifyvdHOAQAJ


Ongoing technical constraints

None.


Debuggability

The DevTools Cookies panel displays appropriate tooltips when cookies are blocked due to the 'SameParty' attribute. 


Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

No. This feature will be supported on Windows, Mac, Linux, Chrome OS, and Android, but will initially not be supported on Android WebView. This feature depends on First-Party Sets, which will initially not be supported on Android WebView due to the Component Updater dependency during the initial prototype phase.


Link to entry on the feature dashboard

https://chromestatus.com/feature/5640066519007232

https://chromestatus.com/feature/5280634094223360



Mike West

unread,
Apr 30, 2021, 4:35:41 AMApr 30
to Chris Fredrickson, blink-dev
LGTM to extend from M91 to M93, given that there were delays in participants signing up for the OT.

-mike


--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b57084f6-e87f-4399-98d7-785b00365583n%40chromium.org.
Reply all
Reply to author
Forward
0 new messages