I won’t have time to write the Blink code but I’ll answer any technical questions and give you pointers to our implementation and test cases.
Replying to @johnwilander @marionpdaly
Do you plan to write interoperable specifications for any of the described features? Will Safari/WebKit change behaviour based on SDO-based discussions around those specifications?
Replying to @sleevi_ @marionpdaly
The first new web platform feature we proposed in this space was the Storage Access API. I presented it at TPAC 2017 and was attacked by Googlers and others to such a degree that I didn’t feel comfortable working with that community going forward. This year I’ll try again.
Replying to @johnwilander @marionpdaly
What about the other stuff you listed in https://mobile.twitter.com/johnwilander/status/1140290102867812352 … ? And can you clarify attacked? Does that simply mean there was disagreement on the approach and proposal? Is that justification to ship things regardless?
Replying to @sleevi_ @marionpdaly
Attacked == people grandstanding, taking turns at telling me ITP was bad although ITP was not the topic, telling me I was stupid, that sort of stuff. It’s by far the most hostile audience I’ve had at a technical presentation.
When ITP came out I reached out to Chrome folks to ask when we could expect the same there. I was told I was stupid for even looking at ITP, and that of course Chrome would do something *much* better for privacy. (Still waiting!) I don't think John is exaggerating.
No one should be calling you or anyone else stupid just for asking questions.
Replying to @marionpdaly @robinberjon and
It was personal insults for proposing Storage Access API, a path for user-granted exceptions to ITP. Fortunately @johnwilander has a thick skin but there’s only so much he should have to take.
Replying to @othermaciej @marionpdaly and
This may be in reference to my objections at the time? The API didn't (and still doesn't) wire up all storage (only cookies) and left many other APIs to fend for themselves (broadcast channel, no permissions API integration, etc. etc.). Notes here: https://www.w3.org/2017/11/06-webappsec-minutes.html#item11 …
Replying to @slightlylate @othermaciej and
From a pure consistency perspective, it remains astonishing that this hangs off of `document` (not navigator), is called `requestStorageAccess()` and only gives you cookies (takes no arguments to specify), and still doesn't integrate into the Permissions API
What I got from the conversation in '17 (perhaps I wasn't listening closely enough?) was "here's what we implemented and are going to ship, no we can't make changes". This is de-facto hostile to the iterative process that makes for good design. People were (and are) sensibly agog
Replying to @slightlylate @othermaciej and
We got some useful feedback on the Storage Access API after ~45 minutes of grandstanding and yelling on ITP, and integrated the feedback throughout the spring of 2018. We continue to get feedback and make changes, especially now that 2 out of 3 major engines have implemented.
Replying to @johnwilander @slightlylate and
To be even more explicit, we will consider feedback and are still open to change. Further feedback welcome here: https://github.com/whatwg/html/issues/3338 …
You need to land all the privacy protections in Blink first – Partitioned DOM Storage, partitioned ServiceWorkers, partitioned cache, the Storage Access API, capped expiry of client-side cookies, and URL decoration mitigations. 