Contact emails shivani...@chromium.org, jkar...@chromium.org
Explainer https://github.com/WICG/fenced-frame/blob/master/explainer/fenced_frames_with_local_unpartitioned_data_access.md Specification The fenced frames <https://wicg.github.io/fenced-frame/> and shared storage <https://wicg.github.io/shared-storage/> specs will be updated with these changes. Blink component Blink>FencedFrames <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EFencedFrames> Summary and Motivation There are situations in which it is helpful to decorate a third-party widget with cross-site information about the user, such as a personalized payment button that displays credit card information to give the user confidence that the payment flow will be smooth, or a personalized sign-in button. These sorts of use cases will be broken by third-party cookie deprecation <https://privacysandbox.com/open-web/> (3PCD). Fenced frames are a natural fit for such use cases, as they allow for frames with cross-site data to be composed within a page of another partition. The idea proposed here is to allow fenced frames to have access to the cross-site data stored for the given origin within shared storage <https://github.com/WICG/shared-storage>. In other words, the payment site would add the user’s payment data to shared storage when the user visits the payment site, and then read it in third-party fenced frames to decorate their payment button. To prevent the fenced frame from leaking the user’s shared storage data out (to the embedder or to servers via network) we’re requiring that fenced frames first disable all untrusted network communications before accessing shared storage. The motivation for this variant of fenced frames are customized payment buttons for third-party payment service providers (as discussed in this issue <https://github.com/WICG/fenced-frame/issues/15>) but this proposal is not intended to be restricted to payments. Any form of third-party UX that wishes to show personalized information to a user, without leaking that information to the embedder, could use it. Initial public proposal https://github.com/WICG/fenced-frame/blob/master/explainer/fenced_frames_with_local_unpartitioned_data_access.md TAG review To be requested Risks Interoperability and Compatibility The functionality is purely additive and does not have backward compatibility concerns. There are no interoperability risks as no other browsers have decided to implement these features yet. Web developers: Positive (comment on the TAG review <https://github.com/w3ctag/design-reviews/issues/735#issuecomment-1206075921> showing support) Other signals: We have also heard from TAG reviewers about fenced frames’ capability to support non-ads use cases, as given here <https://github.com/w3ctag/design-reviews/issues/838#issuecomment-1662399487> and this solution will enable such use cases. WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None, fenced frames and shared storage are not currently supported on WebView Debuggability No additional capabilities required from dev tools Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? No WPT tests will be written and submitted while working on this feature. Flag name on chrome://flags None yet Finch feature name None Non-finch justification None Requires code in //chrome? False Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1294933 Estimated milestones M124 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5072963051454464 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADAcp08mRm8fHwtizna364uOTXEBK9o3jj-0OwBONmfj9AUS2g%40mail.gmail.com.
