Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider making permission defaults * instead of self #306

Merged
merged 1 commit into from
Nov 8, 2024
Merged

Consider making permission defaults * instead of self #306

merged 1 commit into from
Nov 8, 2024

Conversation

arichiv
Copy link
Contributor

@arichiv arichiv commented Sep 9, 2024
edited by pr-preview bot
Loading

Not asking for review of this yet, but posting here for consideration as part of #106

Preview | Diff

@arichiv
Consider making permission defaults * instead of self
34ca12a 
Not asking for review of this yet, but posting here for consideration as part of WICG#106
This was referenced Sep 9, 2024
Open
Closed
Closed
@anderagakura
Copy link

Trying to understand the blink discussion, the Issue 990 design revue in w3ctag and the privacy side :

  • In case of the user denies giving consent to X vendors / tech via the CMP (Consent Management Platform), will the token be shared cross site if a wildcard is set anyway? The question also works with the Global privacy control
  • Is there a way to prevent any adtech to redeem the token to display an ads anywhere outside? (But I think this question is already in the blink discussion)
  • Not related but somehow related, if the token is considered First party tracking (Potential risk noted in the spec) then combined with the wildcard, you have a cross site tracking : How to prevent that?

@arichiv
Copy link
Contributor Author

arichiv commented Oct 31, 2024

I replied in the blink-dev thread: https://groups.google.com/a/chromium.org/g/blink-dev/c/5jI8kLLdIFw/

fwadnjar142
fwadnjar142 suggested changes Nov 6, 2024
View reviewed changes
Copy link

@fwadnjar142 fwadnjar142 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On Tue, Nov 5, 2024 at 3:55 PM 'Theodore Olsauskas-Warren' via blink-api-owners-discuss < [email protected] > wrote:

Hi Blink API Owners,

I'm reaching out in regards to the Private
State Tokens permission policy change I2P&S that was sent to blink-dev.

I don't see any unactioned feedback or outstanding questions on the
thread, and so I believe we are now blocked on API owner LGTMs.

Hoping this email serves as the trigger for you all to take another look.

Theo.

--

Theodore Olsauskas-Warren

Software Engineer

[email protected]

--
You received this message because you are subscribed to the Google Groups
"blink-api-owners-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-api-owners-discuss/CA%2B0Xr7_R4TNO9OFpC26m-sA9mWabLZUsZKinhrkMBJid6qgG0w%40mail.gmail.com
.

--
You received this message because you are subscribed to the Google Groups "blink-api-owners-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-api-owners-discuss/CA%2BN6QZsXkZYTEAz_%3Da%2BWbwMxEzokuLMBGsWwG%3DWy_ToJrJr6gQ%40mail.gmail.com.

@aykutbulut aykutbulut merged commit 8d6ca18 into WICG:main Nov 8, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fwadnjar142 fwadnjar142 fwadnjar142 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arichiv @anderagakura @fwadnjar142 @aykutbulut