Use Permissions Policy instead of sameOriginWithAncestors

See rationale here: #233 (comment)
w3c-fedid · Aug 4, 2022 · 7094b1a · 7094b1a
1 parent 33a1bac
commit 7094b1a
Showing 1 changed file with 30 additions and 5 deletions.
diff --git a/spec/index.bs b/spec/index.bs
@@ -1053,18 +1053,18 @@ This [=internal method=] accepts three arguments:
     ::  This argument is a Boolean value which is [TRUE] if and only if the
          caller's [=environment settings object=] is
          [=same-origin with its ancestors=]. It is [FALSE] if caller is cross-origin.
+
+        Note: Invocation of this [=internal method=] indicates that it was allowed by
+        [=permissions policy=], which is evaluated at the [[!CREDENTIAL-MANAGEMENT-1]] level.
+        See [[#permissions-policy-integration]]. As such, |sameOriginWithAncestors| is unused.
+
 </dl>
 
 NOTE: This algorithm is currently out of date and will be updated to match the
 examples.
 
 When this method is invoked, the user agent MUST execute the following algorithm:
 
-  1.  If <var ignore>sameOriginWithAncestors</var> is `false`, return a
-      "{{NotAllowedError}}" {{DOMException}}.
-
-      Note: This restriction aims to address the concern raised
-      in [[Security-Origin-Confusion]].
   1.  Assert: |options|["{{CredentialRequestOptions/federated}}"]["{{FederatedCredentialRequestOptions/providers}}"] [=map/exists=].
   1.  Assert: |options|["{{CredentialRequestOptions/federated}}"]["{{FederatedCredentialRequestOptions/providers}}"] [=list/size=] is 1.
 
@@ -1375,6 +1375,27 @@ Note: go over how this is implemented.
 
 Note: go over how we are planning to deal with backwards compatibility.
 
+<!-- ============================================================ -->
+# Permissions Policy Integration # {#permissions-policy-integration}
+<!-- ============================================================ -->
+
+FedCM defines a [=policy-controlled feature=] identified by the string `"fedcm"`.
+Its [=default allowlist=] is `"self"`.
+
+A {{Document}}’s [=Document/permissions policy=] determines whether any content
+in that document is allowed to obtain a credential object using the [[#browser-api-federated-credential|Browser API]].
+Attempting to invoke <code><a idl for="CredentialsContainer" lt="get()">navigator.credentials.get({federated:..., ...})</a></code>
+in documents that are not [=allowed to use=] the `"fedcm"` feature will result
+in [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}.
+
+This restriction can be controlled using the mechanisms described in [[PERMISSIONS-POLICY]].
+
+Note: Algorithms specified in [[!CREDENTIAL-MANAGEMENT-1]] perform the actual
+permissions policy evaluation. This is because such policy evaluation needs to
+occur when there is access to the [=current settings object=]. The [=internal method=]s
+modified by this specification do not have such access since they are invoked [=in parallel=]
+by {{CredentialsContainer}}'s <a abstract-op>Request a `Credential`</a> abstract operation.
+
 <!-- ============================================================ -->
 # Security # {#security}
 <!-- ============================================================ -->
@@ -2021,6 +2042,10 @@ Note: write down the Acknowledgements section.
     "href": "https://openid.net/developers/specs/",
     "title": "OpenID"
   },
+  "PERMISSIONS-POLICY": {
+    "href": "https://w3c.github.io/webappsec-permissions-policy",
+    "title": "Permissions Policy"
+  },
   "PRINCIPLES": {
     "href": "https://w3ctag.github.io/design-principles",
     "title": "Web Platform Design Principles"