-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should we use sites (i.e. registrable domains) or origins? #51
Comments
The linked advice is specifically for security decisions, whereas I haven't seen such authoritative advice for privacy decisions, so your analysis makes sense to me @richajaindce. |
This was referenced Mar 16, 2023
richajaindce
changed the title
Should we use sites (i.e. registrable domains) or secure origins?
Should we use sites (i.e. registrable domains) or origins?
Mar 17, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Based on our understanding, the web platform features have moved towards scoping on origin as compared to the site. This has been called out as a Warning in the HTML standard doc under “Site section”
For IPA, there are two places where we need to make this choice:
Match Key Providers
When a match key is set, we propose using the origin. Correspondingly, when calling
getEncryptedMatchKey()
, the first argument to that method is the “match key provider”. This should also be an origin.Storage of encrypted match key values
The return value of
getEncryptedMatchKey()
should be consistent for a given site (for a given epoch). The User-Agent should compute the value once and store it to be returned on subsequent calls. Unfortunately, here we cannot use origin and must use site. There are a few reasons for this:The text was updated successfully, but these errors were encountered: