We now intend to disable cross-origin usage of the DGAPI along with the
v2.0 OT (I'm working on a CL, still needs to be landed and merged to M96).

On Fri, 15 Oct 2021 at 17:56, Yoav Weiss <yoavwe...@chromium.org> wrote:

> That'd be significantly better from my perspective, thanks! :)
>
> On Fri, Oct 15, 2021 at 8:48 AM Glen Robertson <glen...@chromium.org>
> wrote:
>
>> Actually, we could disable cross-origin usage and measure attempted usage
>> at the same time (in M96 with merge, in time for v2.0 OT start).
>> Sounds like this would be preferred by Blink Owners? I'll check with
>> others on the team.
>>
>> On Fri, 15 Oct 2021 at 10:02, Glen Robertson <glen...@chromium.org>
>> wrote:
>>
>>> Probably not before the OT starts, but yes before the OT finishes. I am
>>> adding a metric to see if there's any attempted usage of the API in this
>>> way currently, so we will need to get that out, then wait a milestone to
>>> see the result. That approach was OK'd by privacy review.
>>> Also note that this isn't a change from the v1 API.
>>>
>>> On Thu, 14 Oct 2021 at 19:40, Yoav Weiss <yoavwe...@chromium.org> wrote:
>>>
>>>> Is it possible to disallow delegation for the OT as well?
>>>>
>>>> On Tue, Oct 12, 2021 at 6:46 AM Glen Robertson <glen...@chromium.org>
>>>> wrote:
>>>>
>>>>> Yes, we are planning to disallow delegation before shipping. This was
>>>>> discussed in the privacy review on the launch bug
>>>>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1250123>.
>>>>>
>>>>> On Tue, 12 Oct 2021 at 14:13, 'Matt Menke' via blink-dev <
>>>>> blink-dev@chromium.org> wrote:
>>>>>
>>>>>> All intent emails - including experiment, are reviewed for potential
>>>>>> privacy and security issues.  If this is keyed on frame origin, 
>>>>>> delegating
>>>>>> to cross-origin iframes is a cross-site tracking vector.  If cross-origin
>>>>>> iframes have access to it, but keyed on top frame origin rather than 
>>>>>> iframe
>>>>>> origin, it's not a privacy issue (though haven't thought about security
>>>>>> considerations).  Disallowing delegation, or otherwise addressing the
>>>>>> cross-site tracking issue would be needed to launch, so it's good to be
>>>>>> aware of it now, rather than only learning that this is an issue when
>>>>>> trying to ship.
>>>>>>
>>>>>> On Mon, Oct 11, 2021 at 11:03 PM Glen Robertson <glen...@chromium.org>
>>>>>> wrote:
>>>>>>
>>>>>>> In Chrome, the feature is controlled by the "payment" feature
>>>>>>> policy, and is therefore unavailable except in top-level context or when
>>>>>>> explicitly delegated to subframes (we are planning to disallow
>>>>>>> delegation
>>>>>>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1257010> too).
>>>>>>> Digital products managed by the API are specific to an origin.
>>>>>>> IIUC we don't usually specify how user agents should do security
>>>>>>> controls but I've added these as suggestions in the explainer
>>>>>>> <https://github.com/WICG/digital-goods/blob/main/explainer.md#security-and-privacy-considerations>
>>>>>>> .
>>>>>>>
>>>>>>> On Sat, 9 Oct 2021 at 02:40, Matt Menke <mme...@google.com> wrote:
>>>>>>>
>>>>>>>> Skimming over the explainer, I can't determine whether this leaks
>>>>>>>> data cross-site or not.  Are these digital products that the API 
>>>>>>>> manages
>>>>>>>> exposed across sites, restricted to same-origin frame, restricted to
>>>>>>>> same-origin 1P contexts, or what?
>>>>>>>>
>>>>>>>> On Friday, October 8, 2021 at 3:37:18 AM UTC-4 Glen Robertson wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Contact emails
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *mgi...@chromium.org, gle...@chromium.org, rou...@chromium.org*
>>>>>>>>> Explainer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *https://github.com/WICG/digital-goods/blob/master/explainer.md
>>>>>>>>> <https://github.com/WICG/digital-goods/blob/master/explainer.md>*
>>>>>>>>> Specification
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *None yet. Have a spec mentor and aiming to do this by M96 
>>>>>>>>> stable.*Design
>>>>>>>>> docs
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *https://github.com/WICG/digital-goods/blob/master/explainer.md
>>>>>>>>> <https://github.com/WICG/digital-goods/blob/master/explainer.md>https://docs.google.com/document/d/1Jbt2Mzt-xg1cWVlFScBQsoX_pE8Kg1gYpulxUSV8FM0/edit
>>>>>>>>> <https://docs.google.com/document/d/1Jbt2Mzt-xg1cWVlFScBQsoX_pE8Kg1gYpulxUSV8FM0/edit>go/dgapi2
>>>>>>>>> <https://goto.google.com/dgapi2> (internal)*Summary
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *An API for querying and managing digital products to facilitate
>>>>>>>>> in-app purchases from web applications, in conjunction with the 
>>>>>>>>> Payment
>>>>>>>>> Request API (which is used to make the actual purchases). The API 
>>>>>>>>> would be
>>>>>>>>> linked to a digital distribution service connected to via the user 
>>>>>>>>> agent.
>>>>>>>>> In Chrome, this is specifically a web API wrapper around the Android 
>>>>>>>>> Play
>>>>>>>>> Billing API.*Blink component
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Blink>Payments
>>>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments>*Search
>>>>>>>>> tags
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *payments <https://chromestatus.com/features#tags:payments>,
>>>>>>>>> billing <https://chromestatus.com/features#tags:billing>*TAG
>>>>>>>>> review
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *https://github.com/w3ctag/design-reviews/issues/571
>>>>>>>>> <https://github.com/w3ctag/design-reviews/issues/571>TAG recommends 
>>>>>>>>> making
>>>>>>>>> a Chrome-specific API. Other issues addressed.*TAG review status
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Issues addressed*Risks
>>>>>>>>>
>>>>>>>>> Interoperability and Compatibility
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Similar to Payment Request: this API is used to talk to specific
>>>>>>>>> store backends, and so its usage is tailored to the specific store. 
>>>>>>>>> The
>>>>>>>>> reason it's a proposed web standard is so that the same code (which is
>>>>>>>>> specific to one store) is portable across browsers.Gecko: No signal
>>>>>>>>> (https://github.com/mozilla/standards-positions/issues/349
>>>>>>>>> <https://github.com/mozilla/standards-positions/issues/349>)WebKit: No
>>>>>>>>> signal
>>>>>>>>> (https://lists.webkit.org/pipermail/webkit-dev/2021-October/032001.html
>>>>>>>>> <https://lists.webkit.org/pipermail/webkit-dev/2021-October/032001.html>)
>>>>>>>>>  Microsoft:
>>>>>>>>> Initial discussions, no public signal yet (has been 
>>>>>>>>> requested).Samsung:
>>>>>>>>> Initial discussions, no public signal yet (has been requested).Web
>>>>>>>>> developers: Positive
>>>>>>>>> (https://discourse.wicg.io/t/proposal-web-payments-digital-product-management-api/4350
>>>>>>>>> <https://discourse.wicg.io/t/proposal-web-payments-digital-product-management-api/4350>)44/61
>>>>>>>>> responses of "extremely likely" to continue to use the feature from 
>>>>>>>>> v1.0
>>>>>>>>> OT36/61 responses of slightly-to-extremely easy to use the feature 
>>>>>>>>> (and 12
>>>>>>>>> neutral) from v1.0 OT*Ergonomics
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Used in tandem with the Payment Request API.*Goals for
>>>>>>>>> experimentation
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *- General API design. Determine whether developers need to access
>>>>>>>>> more data that would be exposed through the Play Billing API but is 
>>>>>>>>> not
>>>>>>>>> exposed through our web API.- Specifically, we have significantly 
>>>>>>>>> reduced
>>>>>>>>> the API surface for v2.0, and would like to know if it is still 
>>>>>>>>> acceptable
>>>>>>>>> for developers.- We would also like to know whether the API is 
>>>>>>>>> suitable for
>>>>>>>>> abstracting over other non-Play stores. While running an experiment 
>>>>>>>>> with
>>>>>>>>> the current implementation won't tell us this, it will set up 
>>>>>>>>> real-world
>>>>>>>>> clients and we can then try their sites on other 
>>>>>>>>> implementations.*Reason
>>>>>>>>> this experiment is being extended
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *An origin trial ran from M88 to M95 and found some areas of
>>>>>>>>> developer friction and new features needed (see bugs labeled
>>>>>>>>> https://bugs.chromium.org/p/chromium/issues/list?q=label%3ADGAPI
>>>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=label%3ADGAPI>). 
>>>>>>>>> We
>>>>>>>>> also found potential fraud issues in the v1.0 API.The v2.0 API fixes
>>>>>>>>> several of the developer issues raised, and fixes the known fraud 
>>>>>>>>> issues.
>>>>>>>>> However, this is a significant change to the API surface. We would 
>>>>>>>>> like to
>>>>>>>>> know if the updated API is still acceptable for developers.*Ongoing
>>>>>>>>> technical constraints
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *None*Debuggability
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *We have had several requests from developers to make the API
>>>>>>>>> easier to debug, but it is difficult due to the interaction with a 
>>>>>>>>> backing
>>>>>>>>> service based in an app/store context. We are looking for suggestions
>>>>>>>>> <https://github.com/WICG/digital-goods/issues/33> on how we might 
>>>>>>>>> improve
>>>>>>>>> the debuggability of the API.*Will this feature be supported on
>>>>>>>>> all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and
>>>>>>>>> Android WebView)?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *NoNo, Android and Chrome OS only (the two platforms where we have
>>>>>>>>> Play Store integration).*Is this feature fully tested by
>>>>>>>>> web-platform-tests
>>>>>>>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>
>>>>>>>>> ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *No. The JS<->mojo interface (Blink code) is tested
>>>>>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/digital-goods/>
>>>>>>>>> but the backing app/store context is unavailable in WPT.*Flag name
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *DigitalGoods*Requires code in //chrome?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *False*Tracking bug
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *https://crbug.com/1248319 <https://crbug.com/1248319>*Launch bug
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *https://crbug.com/1250123 <https://crbug.com/1250123>*Estimated
>>>>>>>>> milestones
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *OriginTrial desktop last99OriginTrial desktop first96OriginTrial
>>>>>>>>> android last99OriginTrial android first96*Link to entry on the
>>>>>>>>> Chrome Platform Status
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *https://chromestatus.com/feature/5339955595313152
>>>>>>>>> <https://chromestatus.com/feature/5339955595313152>*Links to
>>>>>>>>> previous Intent discussions
>>>>>>>>>
>>>>>>>>> Intent to prototype:
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/vkS3k30lWNs
>>>>>>>>>
>>>>>>>>> Intent to Experiment (DGAPI v1.0):
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/syI9_M9dANY/m/3lt-QGMHAgAJ
>>>>>>>>>
>>>>>>>>> Intent to Continue Experimenting (DGAPI v1.0):
>>>>>>>>>
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/uoTx_cRuL5o
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This intent message was generated by Chrome Platform Status
>>>>>>>>> <https://www.chromestatus.com/>.
>>>>>>>>>
>>>>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "blink-dev" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to blink-dev+unsubscr...@chromium.org.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEK7mvpq1krCWQfTc_hi1mRSW9rwznRScDWa4dyUQPGPYt2jtQ%40mail.gmail.com
>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEK7mvpq1krCWQfTc_hi1mRSW9rwznRScDWa4dyUQPGPYt2jtQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "blink-dev" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPV%2BSg_%3D%3DywYCB%2B6ZsaXAndHpX9c_c_mBtU47KBEmX6Qm1J6vA%40mail.gmail.com
>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPV%2BSg_%3D%3DywYCB%2B6ZsaXAndHpX9c_c_mBtU47KBEmX6Qm1J6vA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPV%2BSg-AgwPMoJn9C4QOTSaT%3DGXC_9jTWLvuU73%3DScB_QSjWtw%40mail.gmail.com.

Reply via email to