Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fenced frames #173

Open
domfarolino opened this issue Apr 18, 2023 · 3 comments
Open

Fenced frames #173

domfarolino opened this issue Apr 18, 2023 · 3 comments
Assignees
Labels
blocked Coming to a position is blocked on issues identified with the spec or proposal. from: Google Proposed, edited, or co-edited by Google. topic: html Spec relates to HTML (Hypertext Markup Language) topic: loading topic: markup Spec relates to markup: elements, attributes, etc topic: privacy topic: security venue: WICG Proposal is incubated in the Web Incubator Community Group

Comments

@domfarolino
Copy link

WebKittens

No response

Title of the spec

Fenced frames

URL to the spec

https://wicg.github.io/fenced-frame/

URL to the spec's repository

https://github.com/wicg/fenced-frame

Issue Tracker URL

No response

Explainer URL

https://github.com/WICG/fenced-frame/tree/master/explainer

TAG Design Review URL

w3ctag/design-reviews#735

Mozilla standards-positions issue URL

mozilla/standards-positions#781

WebKit Bugzilla URL

No response

Radar URL

No response

Description

Fenced frames is a framing isolation primitive designed for maximum isolation between a frame and its embedder, between which no communication is allowed. Compared with iframes, this entails a similar visual experience but radically different processing model. A fenced frame is therefore suitable for (but not required to) hosting cross-site data which must not be joined across contexts. Please note that while the motivation for fenced frames is in part fueled by FLEDGE and Shared Storage, this proposal is entirely independent and stands on its own, and is to be evaluated as such. It can indeed be used independent of those APIs.

Please note two things:

  1. At the time of filing this, the spec is a work in progress
  2. Due to the inevitably cross-cutting nature of fenced frames, the explainer layout is vast. Above, we've linked to an explainer folder in our repository where mini explainers for various components of our proposal live, such as integration with general web platform concepts, discussion about existing networking side-channels that our proposal will evolve to cover, and the various use-cases for fenced frames, including the aforementioned FLEDGE and Shared Storage proposals.

/cc @shivanigithub

@hober hober added topic: html Spec relates to HTML (Hypertext Markup Language) topic: markup Spec relates to markup: elements, attributes, etc topic: loading topic: privacy topic: security venue: WICG Proposal is incubated in the Web Incubator Community Group from: Google Proposed, edited, or co-edited by Google. labels Apr 26, 2023
@hober hober moved this from Unscreened to Needs position in Standards Positions Review Backlog Apr 26, 2023
@annevk
Copy link
Contributor

annevk commented Jun 9, 2023

It can indeed be used independent of those APIs.

If I understand things correctly you need a config-generating API in order to be able to use a fenced frame and those APIs are the only config-generating APIs that exist.

That would mean this is blocked on #158 or #10, neither of which I suspect we'll end up positive on.

Is there another config-generating API or am I misunderstanding the setup?

@shivanigithub
Copy link

Thanks @annevk for your question.

At the moment, yes, 158 and 10 are the config-generating APIs. However, going forward we are planning to add additional use cases for fenced frames, one of them being personalized payment buttons : see issue and supporting comment from the ecosystem.

Additionally, the implementation also supports a way of testing fenced frames (issue) without invoking the currently supported config generating APIs. It's behind a flag which when enabled allows creating a FencedFrameConfig object using a url.

Please let us know if there are more follow up questions.

@annevk annevk added the blocked Coming to a position is blocked on issues identified with the spec or proposal. label Jun 9, 2023
@shivanigithub
Copy link

Thanks @annevk for your question.

At the moment, yes, 158 and 10 are the config-generating APIs. However, going forward we are planning to add additional use cases for fenced frames, one of them being personalized payment buttons : see issue and supporting comment from the ecosystem.

As an update, we've created the TAG review for fenced frames accessing local unpartitioned data here, which is the proposal that will support personalized payment buttons use case: w3ctag/design-reviews#975
The use cases explainer document is also updated to include this functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked Coming to a position is blocked on issues identified with the spec or proposal. from: Google Proposed, edited, or co-edited by Google. topic: html Spec relates to HTML (Hypertext Markup Language) topic: loading topic: markup Spec relates to markup: elements, attributes, etc topic: privacy topic: security venue: WICG Proposal is incubated in the Web Incubator Community Group
Projects
Development

No branches or pull requests

7 participants
@hober @johnwilander @cdumez @annevk @domfarolino @shivanigithub and others