Cross-site cookies standardization

privacycg / meetings

Agenda and minutes of meetings of the Privacy Community Group

https://privacycg.github.io

94 stars 21 forks source link

Cross-site cookies standardization #16

Closed annevk closed 2 years ago

annevk commented 2 years ago

As discussed in the last call it would be good to sort out our collective story around cookies. Tentative agenda for a dedicated meeting:

Are the usual cross-site cookies "blocked" or "partitioned"?
Do we need opt-in partitioned cookies? And if so, through CHIPS or requestStorageAccess(), or something else?
How do we organize standardization?
Interaction of cross-site cookies and SameSite=None.
Ephemeral partitioned third-party storage (including cookies) by Brave: https://github.com/privacycg/proposals/issues/18.

krgovind commented 2 years ago

Speaking on behalf of Chrome, we'd be interested in this discussion.

hober commented 2 years ago

How about the 5th Thursday of March (March 31st), in our usual telcon time slot? @annevk

annevk commented 2 years ago

Works for me!

bc-pi commented 2 years ago

Will March 31st be put on the calendar? https://www.w3.org/groups/cg/privacycg/calendar

krgovind commented 2 years ago

@annevk - If we have room on the agenda, would you be open to also discussing on the interaction of cross-site cookies and SameSite=None? I think the behavior of the "Block third-party cookies" setting varies subtly across browsers, so it would be great to understand how they vary and whether it's possible to align.

annevk commented 2 years ago

@krgovind sounds good, added that to OP.

TanviHacks commented 2 years ago

Due to some unforeseen schedule conflicts, we need to postpone this. We are planning to use our regular Thursday, April 14th teleconference for this ad hoc. Sorry about the last minute change!

samuelweiler commented 2 years ago

This has been rescheduled for 14 April 2022.

erik-anderson commented 2 years ago

This has again been rescheduled. We'll now discuss this during our April 28th call.

annevk commented 2 years ago

The minutes are now live at https://github.com/privacycg/meetings/blob/main/2022/telcons/04-28-minutes.md thanks to @hober. A follow-up meeting has been proposed in #19. I also followed up with the IETF in https://github.com/httpwg/http-extensions/issues/2084 and https://github.com/privacycg/storage-partitioning/pull/30 updates our Storage Partitioning document with relevant pointers. With that I'm closing this issue.

Thanks everyone for participating and also to the chairs for taking care of most things, including rescheduling this more than once!