Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should deviceId be partitioned by top level origin and document origin #598

Closed
youennf opened this issue May 23, 2019 · 5 comments · Fixed by #674
Closed

Should deviceId be partitioned by top level origin and document origin #598

youennf opened this issue May 23, 2019 · 5 comments · Fixed by #674
Assignees
Labels
PR exists privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.

Comments

@youennf
Copy link
Contributor

youennf commented May 23, 2019

WebKit is currently partitioning deviceId by top level origin and document origin to prevent tracking. On going work is done to define such kind of partitioning for the HTTP cache and there are thoughts to extend it to other types of storage like service workers and IDB.

@alvestrand
Copy link
Contributor

Firefox used to use double keying (top level & document) for permissions. The spec was written to permit both patterns to be conformant. I believe double keying has been abandoned by all - instead, we changed the default delegation to cross-origin iframes to "block" - one has to explicitly delegate permissions to an iframe if you want it to be able to use the invoker's permissisons.

I'm not sure I understand the implications of double keying on device ID - would that mean that a conferencing app that opened in an iframe on multiple sites would be unable to store device IDs between sessions on different top level origins?

@youennf
Copy link
Contributor Author

youennf commented May 23, 2019

Agreed for permissions. WebKit is requesting decision on behalf of the top level origin, which is the one the user is most aware of.

For device ID, that would mean that a conferencing app opened in an iframe on multiple sites would see different device IDs for the same device. This makes most sense if you partition other storages like IDB.

Ideally, a partitioning concept would be defined for HTTP cache and other storages and we would just need to adopt it in this spec. I filed this issue to not forget about it and since we are touching deviceId definition in #587.

@alvestrand
Copy link
Contributor

At the moment, no change in the spec seems required.

@alvestrand
Copy link
Contributor

Repurposing the "Icebox" label for things that we might want to look at sooner or later due to things changing in the larger Web environment, but no change to spec needed at this time.

@alvestrand
Copy link
Contributor

Since this was re-raised by PING at TPAC 2019, and the resolution of the group seemed to be that this change was warranted, I'm taking "icebox" off again.

The relevant (proposed) privacy principle is here:

https://github.com/michaelkleber/privacy-model#identity-is-partitioned-by-first-party-site

@alvestrand alvestrand removed the Icebox label Sep 26, 2019
@wseltzer wseltzer added privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. and removed privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. labels Feb 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
PR exists privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Projects
None yet
4 participants