Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Forward Declared Storage Access API proposal #524

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

hpsin
Copy link

@hpsin hpsin commented Oct 1, 2021

@Brandr0id for initial review, then Firefox/WebKit folks and Identity folks.

- Considering prior user decisions for access requests.
- Disallowing repeated access prompts.
- Auto-approving access (without a prompt) if the browser has sufficient signals about a positive relationship, such as a high site-engagement score.
- Change Chromium's default behavior.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both Goals and Non-Goals feel like they're from the existing SAA proposal? :)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, although goals should likely reflect the desire to handle this particular use pattern specifically. We're not looking to mess with existing SAA meaning or heuristics, just calling patterns.

- https://github.com/privacycg/storage-access/issues/83

## Usage
If a website will redirect to an identity provider, with the knowledge that is will later load that identity provider as third-party content that requires access to its first-party storage, the Forward Declared Storage Access API provides a mechanism for the identity provider to request that access while it is accessed in a first-party context. Both the website and the IDP must call an API to unblock this scenario.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If a website will redirect to an identity provider, with the knowledge that is will later load that identity provider as third-party content that requires access to its first-party storage, the Forward Declared Storage Access API provides a mechanism for the identity provider to request that access while it is accessed in a first-party context. Both the website and the IDP must call an API to unblock this scenario.
If a website will redirect to an identity provider, with the knowledge that it will later load that identity provider as third-party content that requires access to its first-party storage, the Forward Declared Storage Access API provides a mechanism for the identity provider to request that access while it is accessed in a first-party context. Both the website and the IDP must call an API to unblock this scenario.

};
```

#### document.allowStorageAccessOnSite(Url)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be called allowStorageAccessRequestOnSite or something like that, since we only want to allow the request.

Coming up with precise but concise names for these is hard :|

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes, of course that's better.

var redirectUri = new URL(params.get("redirect_uri"));

if(document.hasStorageAccessForSite(redirectUri.origin)){
return; // No need to prompt.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this return prevent the redirect below? :)

}

document.requestStorageAccessForSite(redirectUri.origin);
window.location.href = redirectUri + authenticationParameters;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this call to requestStorageAccessForSite would need to await a successful resolution before performing the redirect

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'm not fully sure if it does return a promise or not. Non modal doesn't seem to work here, so a promise that resolves per storage access/60 is maybe best option?

- Immediately prior to the redirect, example.site will indicate that it expects federatedid.site to request Storage Access, by calling document.allowStorageAccessOnSite("federatedid.site")
- After the user authenticates at federatedid.site, federatedid.site will request Storage Access for later, when it is embedded within example.site, by calling document.requestStorageAccessForSite("example.site")
- The user will observe the prompt, and either accept or reject the prompt. No promise is provided to federatedid.site to detect how the user has answered.
- If federatedid.site does not immediately redirect to example.site, after showing the prompt, the permission will not be granted between the two sites.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to define "immediately" here or drop this requirement

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Browser defined with a general expectation of five seconds?

ForwardDeclaredStorageAccessAPI/explainer.md Outdated Show resolved Hide resolved
ForwardDeclaredStorageAccessAPI/explainer.md Outdated Show resolved Hide resolved
ForwardDeclaredStorageAccessAPI/explainer.md Outdated Show resolved Hide resolved
ForwardDeclaredStorageAccessAPI/explainer.md Outdated Show resolved Hide resolved
hpsin and others added 4 commits October 18, 2021 18:47
Co-authored-by: Lorenz Nickel <lorenz.nickel@gmx.net>
Co-authored-by: Lorenz Nickel <lorenz.nickel@gmx.net>
Co-authored-by: Lorenz Nickel <lorenz.nickel@gmx.net>
Co-authored-by: Lorenz Nickel <lorenz.nickel@gmx.net>
@travisleithead
Copy link
Contributor

Update from @erik-anderson: there's still ongoing discussion about this. Will see about reviewing and potentially landing this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants