Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can we more formally define the "Permission Store" #384

Closed
annevk opened this issue Oct 6, 2022 · 6 comments
Closed

Can we more formally define the "Permission Store" #384

annevk opened this issue Oct 6, 2022 · 6 comments
Assignees
@johannhof

Comments

@annevk
Copy link
Member

annevk commented Oct 6, 2022

And acknowledge that permissions are origin-bound. The specification is tiptoeing around this a bit and I (still) think it would be better if it didn't.

@jyasskin you thought differently from me I recall, but enough time has passed that we can maybe discuss it again.

Having permissions explicitly stored and them having a key would also help us define Storage Access in terms of Permissions: privacycg/storage-access#121.
@jyasskin
Copy link
Member

jyasskin commented Oct 6, 2022

I'll defer to the Chrome Permissions team, led by @engedy. I think I was concerned about giving UAs enough space to innovate in the permissions space, which a rigorous definition in terms of "store X; delete Y" might cause problems for. But if our permissions folks aren't worried, neither am I.

@annevk
Copy link
Member Author

annevk commented Oct 7, 2022

Thanks! I hope that the ample wiggle room we have now before you reach the store suffices. And it would help to have the boundary firmly established somewhere, both for implementers (I was reading the text again yesterday with someone and it is rather opaque as to what you actually have to do) and for features such as Storage Access.

@johannhof
Copy link
Member

Yup, to be clear, for Storage Access we are in fact considering a different storage key than plain origin (origin + top-level site), so some freedom in the form of a "key" concept would be good. I agree with Anne though that the current vagueness makes it a bit harder to be sure that dependant specs are well understood by implementors.

@marcoscaceres
Copy link
Member

Discussed with @miketaylr and yeah, we should add this. Right now permissions are not bound to anything so it would good to tie them to an origin-bound to some global "permissions store".

@annevk, what (conceptual) functionality should the permission store provide? Do you need "CRUD" permissions from the other spec?

@annevk
Copy link
Member Author

annevk commented Oct 14, 2022

I'm not familiar with "CRUD". What the Storage Access API needs is the ability to use a key that is different from origin (it wants (top-level site, origin). So I think ideally the various ways of setting and obtaining a permission take an optional key Storage Access API can decide upon.

Alternatively, we hardcode "storage-access" as a double-keyed permission. That might have the advantage that the WebDriver API would be simpler to use, although I'm not super familiar so we'd have to go through that to be sure.

@miketaylr
Copy link
Member

(CRUD = create, read, update, delete)

@johannhof johannhof self-assigned this Oct 20, 2022
@miketaylr miketaylr mentioned this issue Oct 23, 2022
Open
johannhof added a commit to johannhof/permissions that referenced this issue Nov 11, 2022
@johannhof
WIP: Define a permission store (closes w3c#384)
829d3f9
johannhof added a commit to johannhof/permissions that referenced this issue Nov 29, 2022
@johannhof
WIP: Define a permission store (closes w3c#384)
c9a15cc
github-actions bot added a commit that referenced this issue Dec 9, 2022
@johannhof @github-actions
Define a permission store (closes #384) (#390)
e4107d2 
SHA: f3b9273
Reason: push, by johannhof

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johannhof johannhof

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@miketaylr @jyasskin @marcoscaceres @annevk @johannhof