We now intend to disable cross-origin usage of the DGAPI along with the v2.0 OT (I'm working on a CL, still needs to be landed and merged to M96).

On Fri, 15 Oct 2021 at 17:56, Yoav Weiss <yoavwe...@chromium.org> wrote:

> That'd be significantly better from my perspective, thanks! :)
>
> On Fri, Oct 15, 2021 at 8:48 AM Glen Robertson <glen...@chromium.org> wrote:
>
>> Actually, we could disable cross-origin usage and measure attempted usage at the same time (in M96 with merge, in time for v2.0 OT start).
>> Sounds like this would be preferred by Blink Owners? I'll check with others on the team.
>>
>> On Fri, 15 Oct 2021 at 10:02, Glen Robertson <glen...@chromium.org> wrote:
>>
>>> Probably not before the OT starts, but yes before the OT finishes. I am adding a metric to see if there's any attempted usage of the API in this way currently, so we will need to get that out, then wait a milestone to see the result. That approach was OK'd by privacy review.
>>> Also note that this isn't a change from the v1 API.
>>>
>>> On Thu, 14 Oct 2021 at 19:40, Yoav Weiss <yoavwe...@chromium.org> wrote:
>>>
>>>> Is it possible to disallow delegation for the OT as well?
>>>>
>>>> On Tue, Oct 12, 2021 at 6:46 AM Glen Robertson <glen...@chromium.org> wrote:
>>>>
>>>>> Yes, we are planning to disallow delegation before shipping. This was discussed in the privacy review on the launch bug <https://bugs.chromium.org/p/chromium/issues/detail?id=1250123>.
>>>>>
>>>>> On Tue, 12 Oct 2021 at 14:13, 'Matt Menke' via blink-dev <blink-dev@chromium.org> wrote:
>>>>>
>>>>>> All intent emails - including experiment, are reviewed for potential privacy and security issues. If this is keyed on frame origin, delegating to cross-origin iframes is a cross-site tracking vector. If cross-origin iframes have access to it, but keyed on top frame origin rather than iframe origin, it's not a privacy issue (though haven't thought about security considerations).
>>>>>> Disallowing delegation, or otherwise addressing the cross-site tracking issue would be needed to launch, so it's good to be aware of it now, rather than only learning that this is an issue when trying to ship.
>>>>>>
>>>>>> On Mon, Oct 11, 2021 at 11:03 PM Glen Robertson <glen...@chromium.org> wrote:
>>>>>>
>>>>>>> In Chrome, the feature is controlled by the "payment" feature policy, and is therefore unavailable except in top-level context or when explicitly delegated to subframes (we are planning to disallow delegation <https://bugs.chromium.org/p/chromium/issues/detail?id=1257010> too).
>>>>>>> Digital products managed by the API are specific to an origin.
>>>>>>> IIUC we don't usually specify how user agents should do security controls but I've added these as suggestions in the explainer <https://github.com/WICG/digital-goods/blob/main/explainer.md#security-and-privacy-considerations>.
>>>>>>>
>>>>>>> On Sat, 9 Oct 2021 at 02:40, Matt Menke <mme...@google.com> wrote:
>>>>>>>
>>>>>>>> Skimming over the explainer, I can't determine whether this leaks data cross-site or not. Are these digital products that the API manages exposed across sites, restricted to same-origin frame, restricted to same-origin 1P contexts, or what?
>>>>>>>>
>>>>>>>> On Friday, October 8, 2021 at 3:37:18 AM UTC-4 Glen Robertson wrote:
>>>>>>>>
>>>>>>>>> Contact emails
>>>>>>>>> mgi...@chromium.org, gle...@chromium.org, rou...@chromium.org
>>>>>>>>>
>>>>>>>>> Explainer
>>>>>>>>> https://github.com/WICG/digital-goods/blob/master/explainer.md
>>>>>>>>>
>>>>>>>>> Specification
>>>>>>>>> None yet.
>>>>>>>>> Have a spec mentor and aiming to do this by M96 stable.
>>>>>>>>>
>>>>>>>>> Design docs
>>>>>>>>> https://github.com/WICG/digital-goods/blob/master/explainer.md
>>>>>>>>> https://docs.google.com/document/d/1Jbt2Mzt-xg1cWVlFScBQsoX_pE8Kg1gYpulxUSV8FM0/edit
>>>>>>>>> go/dgapi2 <https://goto.google.com/dgapi2> (internal)
>>>>>>>>>
>>>>>>>>> Summary
>>>>>>>>> An API for querying and managing digital products to facilitate in-app purchases from web applications, in conjunction with the Payment Request API (which is used to make the actual purchases). The API would be linked to a digital distribution service connected to via the user agent. In Chrome, this is specifically a web API wrapper around the Android Play Billing API.
>>>>>>>>>
>>>>>>>>> Blink component
>>>>>>>>> Blink>Payments <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments>
>>>>>>>>>
>>>>>>>>> Search tags
>>>>>>>>> payments <https://chromestatus.com/features#tags:payments>, billing <https://chromestatus.com/features#tags:billing>
>>>>>>>>>
>>>>>>>>> TAG review
>>>>>>>>> https://github.com/w3ctag/design-reviews/issues/571
>>>>>>>>> TAG recommends making a Chrome-specific API. Other issues addressed.
>>>>>>>>>
>>>>>>>>> TAG review status
>>>>>>>>> Issues addressed
>>>>>>>>>
>>>>>>>>> Risks
>>>>>>>>>
>>>>>>>>> Interoperability and Compatibility
>>>>>>>>> Similar to Payment Request: this API is used to talk to specific store backends, and so its usage is tailored to the specific store.
>>>>>>>>> The reason it's a proposed web standard is so that the same code (which is specific to one store) is portable across browsers.
>>>>>>>>>
>>>>>>>>> Gecko: No signal (https://github.com/mozilla/standards-positions/issues/349)
>>>>>>>>> WebKit: No signal (https://lists.webkit.org/pipermail/webkit-dev/2021-October/032001.html)
>>>>>>>>> Microsoft: Initial discussions, no public signal yet (has been requested).
>>>>>>>>> Samsung: Initial discussions, no public signal yet (has been requested).
>>>>>>>>> Web developers: Positive (https://discourse.wicg.io/t/proposal-web-payments-digital-product-management-api/4350)
>>>>>>>>> 44/61 responses of "extremely likely" to continue to use the feature from v1.0 OT
>>>>>>>>> 36/61 responses of slightly-to-extremely easy to use the feature (and 12 neutral) from v1.0 OT
>>>>>>>>>
>>>>>>>>> Ergonomics
>>>>>>>>> Used in tandem with the Payment Request API.
>>>>>>>>>
>>>>>>>>> Goals for experimentation
>>>>>>>>> - General API design. Determine whether developers need to access more data that would be exposed through the Play Billing API but is not exposed through our web API.
>>>>>>>>> - Specifically, we have significantly reduced the API surface for v2.0, and would like to know if it is still acceptable for developers.
>>>>>>>>> - We would also like to know whether the API is suitable for abstracting over other non-Play stores.
>>>>>>>>> While running an experiment with the current implementation won't tell us this, it will set up real-world clients and we can then try their sites on other implementations.
>>>>>>>>>
>>>>>>>>> Reason this experiment is being extended
>>>>>>>>> An origin trial ran from M88 to M95 and found some areas of developer friction and new features needed (see bugs labeled https://bugs.chromium.org/p/chromium/issues/list?q=label%3ADGAPI). We also found potential fraud issues in the v1.0 API.
>>>>>>>>> The v2.0 API fixes several of the developer issues raised, and fixes the known fraud issues. However, this is a significant change to the API surface. We would like to know if the updated API is still acceptable for developers.
>>>>>>>>>
>>>>>>>>> Ongoing technical constraints
>>>>>>>>> None
>>>>>>>>>
>>>>>>>>> Debuggability
>>>>>>>>> We have had several requests from developers to make the API easier to debug, but it is difficult due to the interaction with a backing service based in an app/store context. We are looking for suggestions <https://github.com/WICG/digital-goods/issues/33> on how we might improve the debuggability of the API.
>>>>>>>>>
>>>>>>>>> Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>> No
>>>>>>>>> No, Android and Chrome OS only (the two platforms where we have Play Store integration).
>>>>>>>>>
>>>>>>>>> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
>>>>>>>>> No.
>>>>>>>>> The JS<->mojo interface (Blink code) is tested <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/digital-goods/> but the backing app/store context is unavailable in WPT.
>>>>>>>>>
>>>>>>>>> Flag name
>>>>>>>>> DigitalGoods
>>>>>>>>>
>>>>>>>>> Requires code in //chrome?
>>>>>>>>> False
>>>>>>>>>
>>>>>>>>> Tracking bug
>>>>>>>>> https://crbug.com/1248319
>>>>>>>>>
>>>>>>>>> Launch bug
>>>>>>>>> https://crbug.com/1250123
>>>>>>>>>
>>>>>>>>> Estimated milestones
>>>>>>>>> OriginTrial desktop last: 99
>>>>>>>>> OriginTrial desktop first: 96
>>>>>>>>> OriginTrial android last: 99
>>>>>>>>> OriginTrial android first: 96
>>>>>>>>>
>>>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>>> https://chromestatus.com/feature/5339955595313152
>>>>>>>>>
>>>>>>>>> Links to previous Intent discussions
>>>>>>>>> Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/vkS3k30lWNs
>>>>>>>>> Intent to Experiment (DGAPI v1.0): https://groups.google.com/a/chromium.org/g/blink-dev/c/syI9_M9dANY/m/3lt-QGMHAgAJ
>>>>>>>>> Intent to Continue Experimenting (DGAPI v1.0): https://groups.google.com/a/chromium.org/g/blink-dev/c/uoTx_cRuL5o
>>>>>>>>>
>>>>>>>>> This intent message was generated by Chrome Platform Status <https://www.chromestatus.com/>.
>>>>>>>>>
>>>>>>>>> --
>>>>>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
>>>>>> To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEK7mvpq1krCWQfTc_hi1mRSW9rwznRScDWa4dyUQPGPYt2jtQ%40mail.gmail.com.
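
The thread turns on the "payment" policy being delegated from a top-level page to cross-origin subframes. The following is an added example, not part of the thread or of Chrome's code: a site-side audit that lists iframes whose `allow` attribute delegates `payment` to a cross-origin document. The function names, hostnames and sample markup are hypothetical, and it assumes double-quoted attributes and ignores any `Permissions-Policy` response header that may restrict the feature further.

```javascript
// Constructed sample markup; every hostname is a placeholder.
const PAGE_ORIGIN = "https://shop.example";
const SAMPLE_HTML = `
<iframe src="/cart.html" allow="payment"></iframe>
<iframe src="https://widgets.example/buy" allow="camera 'none'; payment"></iframe>
<iframe src="https://ads.example/slot" allow="payment 'none'; fullscreen"></iframe>
<iframe src="https://pay.example/frame" allow="payment https://pay.example"></iframe>
<iframe src="https://cdn.example/embed"></iframe>`;

// Parse an allow attribute into { feature: [allowlist tokens] }.
// A feature listed with no allowlist defaults to 'src'.
function parseAllow(value) {
  const policy = {};
  for (const directive of value.split(";")) {
    const [feature, ...allowlist] = directive.trim().split(/\s+/);
    if (feature) policy[feature.toLowerCase()] = allowlist.length ? allowlist : ["'src'"];
  }
  return policy;
}

// Origin of a URL, or null when it does not parse.
function originOf(url, base) {
  try { return new URL(url, base).origin; } catch { return null; }
}

// List iframes whose allow attribute delegates `feature` to a cross-origin document.
function crossOriginDelegations(html, pageOrigin, feature = "payment") {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attr = (name) =>
      (tag.match(new RegExp(`\\s${name}\\s*=\\s*"([^"]*)"`, "i")) || [])[1];
    const src = attr("src");
    const allowlist = parseAllow(attr("allow") || "")[feature];
    const frameOrigin = src ? originOf(src, pageOrigin) : null;
    if (!allowlist || !frameOrigin || frameOrigin === pageOrigin) continue;
    const granted = allowlist.some((token) =>
      token === "*" || token === "'src'" ||
      (!token.startsWith("'") && originOf(token) === frameOrigin));
    if (granted) findings.push({ frameOrigin, allowlist });
  }
  return findings;
}

console.log(crossOriginDelegations(SAMPLE_HTML, PAGE_ORIGIN));
```

On the sample markup it reports the `widgets.example` and `pay.example` frames; the same-origin frame, the `'none'` frame and the frame without an `allow` attribute are not delegations.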