Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Early Design Review: Partitioned Popins #956

Open
1 task done
arichiv opened this issue May 14, 2024 · 2 comments
Open
1 task done

Early Design Review: Partitioned Popins #956

arichiv opened this issue May 14, 2024 · 2 comments

Comments

@arichiv
Copy link

arichiv commented May 14, 2024

こんにちは TAG-さん!

I'm requesting a TAG review of Partitioned Popins.

A new web primitive is needed to cover short-lived popup use cases which require access to storage partitioned by the popup opener. This primitive should be private and secure by default, while providing a consistent UI experience across user agents. To solve this need, we propose the “Partitioned Popin”, a type of pop-up for loading web content with two unique new features: a modal-like UI relative to its opener tab and cookies/storage being partitioned to its opener context.

Further details:

  • I have reviewed the TAG's Web Platform Design Principles
  • The group where the incubation/design work on this is being done (or is intended to be done in the future): PrivacyCG
  • The group where standardization of this work is intended to be done ("unknown" if not known): PrivacyCG
  • This work is being funded by: Google Chrome
@torgo
Copy link
Member

torgo commented Nov 11, 2024

The W3C TAG has discussed this proposal and I took an action last week to summarize some of the key points, which I am late on performing - apologies for that. Here are a couple of key points from our discussion:

  • Regarding the potential for User Confusion: While UX solutions have been proposed, the effectiveness of these designs in clearly communicating the partitioned nature of identities and data access across origins remains uncertain. Do you have user testing studies that you can share with us which might show how this approach can safeguard against potential user confusion or use in deceptive patterns?

  • Regarding Non-JS Communication Alternatives: We noted that the main advantage of Partitioned Popins seems to be allowing secure communication without JavaScript. It may be worth investigating if this benefit can be achieved without the complexities of this approach, such as through a dedicated API or secure post-message alternative that maintains privacy and security integrity.

  • We'd like to suggest expanding & clarifying the description of the use case in the explainer.

@plinss plinss removed this from the 2024-11-11-week milestone Nov 18, 2024
@plinss plinss added the Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review label Nov 18, 2024
@johannhof
Copy link

Thanks for the feedback @torgo.

  • Regarding the potential for User Confusion: While UX solutions have been proposed, the effectiveness of these designs in clearly communicating the partitioned nature of identities and data access across origins remains uncertain. Do you have user testing studies that you can share with us which might show how this approach can safeguard against potential user confusion or use in deceptive patterns?

We are working on this with our UX team and I very much expect them to measure user understanding of the UI that we design for Popins in Chrome. It should be noted that a big motivator for this work comes from the potential user confusion from partitioning traditional popups, which is something we'd like to avoid. We believe that it can only be avoided by introducing a new UI paradigm, and this proposal builds the technical underpinnings for that. There is bound to be some level of uncertainty as we explore this space (it's a bit of a chicken and egg problem, we have to invent and prototype new designs to really measure their effect on users), but I want to make it clear that avoiding user confusion is a key goal for this effort.

  • Regarding Non-JS Communication Alternatives: We noted that the main advantage of Partitioned Popins seems to be allowing secure communication without JavaScript. It may be worth investigating if this benefit can be achieved without the complexities of this approach, such as through a dedicated API or secure post-message alternative that maintains privacy and security integrity.

Can you elaborate on "the complexities of this approach", i.e. what is the complexity? I'm not sure how leveraging access to partitioned cookies, which are a simple and secure mechanism (which "maintains privacy and security integrity") and already widely adopted by the ecosystem would be inferior to the development of a new dedicated API.

@jyasskin jyasskin added Progress: in progress and removed Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review labels Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

8 participants