Thanks all. Just an update - we're rolling First-Party Sets out to 1% on Chrome M113 Stable now, and plan to ramp up to 100% over the next few weeks (barring metrics regressions).
On Friday, April 7, 2023 at 12:45:41 PM UTC-4 Mike Taylor wrote: > After re-reading the spec, explainer, related discussions, and related > prior art over the past week or so, I believe that First Party Sets solves > important use cases, especially in a post-third-party cookie world. > > LGTM3. > On 4/7/23 11:36 AM, Yoav Weiss wrote: > > Given the above, LGTM2 > > On Wed, Apr 5, 2023 at 5:57 PM Alex Russell <slightly...@chromium.org> > wrote: > >> Per today's OWNERS meeting, Daniel raised the point that we need a place >> to approve/dispose the overall FPS direction rather than the smaller point >> features, so for that reason I'm going to LGTM1 this here (contra Yoav's >> previous message). >> >> Best, >> >> Alex >> >> On Friday, March 31, 2023 at 8:31:10 AM UTC-7 Chris Harrelson wrote: >> >>> Hi Martin, >>> >>> On Fri, Mar 31, 2023 at 12:32 AM Martin Thomson <m...@mozilla.com> wrote: >>> >>>> As long as FPS affects how the web operates in any way, it should be >>>> subject to standardization and - I would expect - the same review as any >>>> other feature. >>>> >>> >>> With the plan Yoav is suggesting, the Blink API owners would still >>> review it carefully, but in the context of the other intents that involve >>> web-exposed behavior. In the end, which email we reply to is a >>> technicality; either way, we'll review the entire feature set. >>> >>> On Wed, Mar 29, 2023 at 6:44 PM Yoav Weiss <yoavwe...@chromium.org> >>>> wrote: >>>> >>>>> Thanks for filing this intent. I agree with your analysis that it's >>>>> not directly web-exposed, and as such, I don't think LGTMs are required >>>>> (but still appreciate the intent as required context for rSA and rSAF). >>>>> We'll see if other API owners disagree. >>>>> >>>>> On Mon, Mar 20, 2023 at 10:31 PM Johann Hofmann < >>>>> johann...@chromium.org> wrote: >>>>> >>>>>> Contact emails >>>>>> >>>>>> cfred...@chromium.org, shuu...@chromium.org, kaustub...@chromium.org, >>>>>> johann...@chromium.org >>>>>> >>>>>> Explainer >>>>>> >>>>>> https://github.com/WICG/first-party-sets >>>>>> >>>>>> Specification >>>>>> >>>>>> https://wicg.github.io/first-party-sets >>>>>> >>>>>> Design docs >>>>>> >>>>>> First-Party Sets: Initial prototype description >>>>>> <https://docs.google.com/document/d/1Lbvn3Wt664AhWA-UytjGEi7UcRMhrR4trUWEi2ieUkE/edit#heading=h.t7ybo54eelkd> >>>>>> >>>>>> First-Party Sets Prototype Design Doc >>>>>> <https://docs.google.com/document/d/16m5IfppdmmL-Zwk9zW8tJD4iHTVGJOLRP7g-QwBwX5c/edit?usp=sharing> >>>>>> >>>>>> Summary >>>>>> >>>>>> First-Party Sets (“FPS”) provides a framework for developers to >>>>>> declare relationships among sites, to enable limited cross-site cookie >>>>>> access for specific, user-facing purposes. This is facilitated through >>>>>> the >>>>>> use of the Storage Access API >>>>>> <https://github.com/privacycg/storage-access> and >>>>>> requestStorageAccessFor >>>>>> <https://github.com/privacycg/requestStorageAccessForOrigin/> API. >>>>>> >>>>>> The First-Party Sets proposal that we intend to ship significantly >>>>>> differs from its originally proposed design, as we have incorporated >>>>>> feedback from various stakeholders. An overview of what changed and why >>>>>> can >>>>>> be found here >>>>>> <https://developer.chrome.com/docs/privacy-sandbox/first-party-sets-evolution/> >>>>>> . >>>>>> >>>>>> It’s important to note that because of its integration with the >>>>>> Storage Access API and requestStorageAccessFor, FPS is not a feature >>>>>> that >>>>>> is directly web-exposed. We still consider its overall impact on the web >>>>>> platform to be big enough to follow the blink launch process. >>>>>> >>>>>> We have submitted adjacent Intents to Ship both requestStorageAccess >>>>>> and requestStorageAccessFor. >>>>>> >>>>>> >>>>>> Blink component >>>>>> >>>>>> Privacy >>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Privacy> >>>>>> >>>>>> TAG review >>>>>> >>>>>> https://github.com/w3ctag/design-reviews/issues/342 >>>>>> >>>>>> TAG review status >>>>>> >>>>>> Pending >>>>>> >>>>>> Risks >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> This is not a breaking change. To use it, sites will need to opt in >>>>>> to using First-Party Sets. There is no change to existing behavior for >>>>>> sites not opting in to First-Party Sets. >>>>>> >>>>>> >>>>>> Gecko: Negative ( >>>>>> https://github.com/mozilla/standards-positions/issues/350) >>>>>> >>>>>> WebKit: Negative ( >>>>>> https://github.com/WebKit/standards-positions/issues/93) >>>>>> >>>>>> Web developers: Positive. FPS has been extensively discussed during >>>>>> its incubation in the Privacy CG and the WICG. Throughout this >>>>>> discussion >>>>>> we've consistently seen great interest and participation by web >>>>>> developers. >>>>>> >>>>>> - >>>>>> >>>>>> >>>>>> >>>>>> https://developer.chrome.com/docs/privacy-sandbox/first-party-sets-evolution/#working-with-the-ecosystem >>>>>> - >>>>>> >>>>>> >>>>>> >>>>>> https://lists.w3.org/Archives/Public/public-privacycg/2022Jun/0031.html >>>>>> >>>>>> >>>>>> >>>>>> Other signals: Edge: Positive. Microsoft has been “generally >>>>>> supportive of the effort” >>>>>> <https://github.com/privacycg/meetings/blob/main/2020/telcons/12-10-minutes.md> >>>>>> >>>>>> since 2020 and had a co-editor on the spec for a while. Edge, in >>>>>> conversations, has confirmed their intent to support FPS after it ships >>>>>> in >>>>>> Chrome. Through the component updater the FPS list should be available >>>>>> to >>>>>> Edge. We will work with the Edge team to make sure that they can >>>>>> potentially host their own version of the (same) list and to ensure >>>>>> cooperation on managing the list. >>>>>> >>>>>> Ergonomics >>>>>> >>>>>> Use of the Storage Access API requires sites to run JavaScript before >>>>>> they can access their cookies. No performance concerns. >>>>>> >>>>>> >>>>>> Activation >>>>>> >>>>>> Site owners will need to register their first-party sets in a public >>>>>> process, categorizing their usage in subsets and passing a number of >>>>>> technical checks, such as verifying ownership with a /.well-known/ file. >>>>>> The submission guidelines and checks are described in full detail on >>>>>> https://github.com/GoogleChrome/first-party-sets/blob/main/FPS-Submission_Guidelines.md >>>>>> >>>>>> This feature is meant to allow developers to preserve critical use >>>>>> cases (e.g., shared infrastructure across ccTLDs, service domains) when >>>>>> Chrome deprecates third-party cookies. As such, it will provide only >>>>>> limited utility right now, but give developers an important head start >>>>>> in >>>>>> testing and preparing their sites for the upcoming deprecation. >>>>>> >>>>>> FPS will require usage of the Storage Access API and/or >>>>>> requestStorageAccessFor >>>>>> API to have a web-observable effect. This improves cross-browser >>>>>> compatibility (for Storage Access API) but might come with some >>>>>> migration >>>>>> cost for developers that were previously relying on passive cookie >>>>>> access >>>>>> without JavaScript calls. >>>>>> >>>>>> >>>>>> Security >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> >>>>>> No >>>>>> >>>>>> >>>>>> Debuggability >>>>>> >>>>>> We show a DevTools warning when third-party cookies are blocked and >>>>>> the top-level site is in the same First-Party Set as the embedded site. >>>>>> Further developer tooling will likely be needed to support the eventual >>>>>> deprecation of third-party cookies. >>>>>> >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>>> >>>>>> No. This will be supported on Windows, Mac, Linux, Chrome OS, and >>>>>> Android, but will not initially be supported on Android WebView. The >>>>>> First-Party Set information is consumed only by Chrome's implementation >>>>>> of >>>>>> the Storage Access API, which is not implemented in Android WebView. >>>>>> >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ? >>>>>> >>>>>> No WPTs, as this isn't directly exposed to web content. Both rSA and >>>>>> rSAFor (through which this is exposed) have WPTs. >>>>>> >>>>>> Flag name >>>>>> >>>>>> FirstPartySets >>>>>> >>>>>> Requires code in //chrome? >>>>>> >>>>>> True >>>>>> >>>>>> Launch bug >>>>>> >>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1175191 >>>>>> >>>>>> Estimated milestones >>>>>> >>>>>> Shipping in M113. >>>>>> >>>>>> >>>>>> >>>>>> Anticipated spec changes >>>>>> >>>>>> We don't expect backwards-incompatible changes to the general >>>>>> mechanics and web platform integration of FPS. We may improve the policy >>>>>> and technical checks of the submission process. To help with this, >>>>>> submitters should expect that sets will be subject to expiration and / >>>>>> or >>>>>> renewal requirements. >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> >>>>>> https://chromestatus.com/feature/5640066519007232 >>>>>> >>>>>> Links to previous Intent discussions >>>>>> >>>>>> Intent to prototype: >>>>>> https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/0EMGi-xbI-8/m/FgSjq6TtBwAJ >>>>>> >>>>>> Intent to Experiment: >>>>>> https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/XkWbQKrBzMg >>>>>> >>>>>> >>>>>> This intent message was generated by Chrome Platform Status >>>>>> <https://chromestatus.com/>. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4jfJ3tEbyWMX6RgJMFhhNe5t5aScd9kNerYMC8THe1-Sg%40mail.gmail.com >>>>>> >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4jfJ3tEbyWMX6RgJMFhhNe5t5aScd9kNerYMC8THe1-Sg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVrFVLJ%3DUQ7H-4K2E7%2BcZev-hCWZSkfy1CZJ%3DeP%2B4qexg%40mail.gmail.com >>>>> >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVrFVLJ%3DUQ7H-4K2E7%2BcZev-hCWZSkfy1CZJ%3DeP%2B4qexg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPLxc%3DWySgtAyOz07J6-Ot9%2BnHyVWDHS_VJHL3WdXA9r2SEAcw%40mail.gmail.com >>>> >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPLxc%3DWySgtAyOz07J6-Ot9%2BnHyVWDHS_VJHL3WdXA9r2SEAcw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/02233b55-3d98-438a-a4be-abb06e180ea3n%40chromium.org >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/02233b55-3d98-438a-a4be-abb06e180ea3n%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUaOvSStxP9bJMChARXmurPdqh6NWuTyDWU9ohJJDtiZg%40mail.gmail.com > > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUaOvSStxP9bJMChARXmurPdqh6NWuTyDWU9ohJJDtiZg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e2197703-eacb-4f26-b6aa-ed1e085c7b7bn%40chromium.org.
