FYI Private State Token API Permissions Policy Default Allowlist Wildcard

こんにちは TAG-さん!

I'm requesting a TAG review of Private State Token API Permissions Policy Default Allowlist Wildcard.

Access to the Private State Token API is gated by Permissions Policy features. We proposed to update the default allowlist for both private-state-token-issuance and private-state-token-redemption features from self to * (wildcard).

Explainer: https://github.com/WICG/trust-token-api/blob/main/README.md
Specification: https://github.com/WICG/trust-token-api/pull/306
WPT Tests: https://github.com/web-platform-tests/wpt/tree/master/permissions-policy
User research: https://github.com/WICG/trust-token-api/issues/106
Security and Privacy self-review: https://docs.google.com/document/d/1KPa5OQtp-n6wmf5PTDNSd-pGP993sOtZfl0LbT5fopk/edit#heading=h.95atawj7yqzu
GitHub repo: https://github.com/WICG/trust-token-api/tree/
Primary contacts:
- @arichiv, Google Chrome
- @aykutbulut, Google Chrome
- @dvorak42, Google Chrome
- @krgovind, Google Chrome
Organization/project driving the specification: Google Chrome
Multi-stakeholder support:
- Chromium comments: https://issues.chromium.org/u/1/issues/353738486
- Mozilla comments: https://github.com/mozilla/standards-positions/issues/1066
- WebKit comments: https://github.com/WebKit/standards-positions/issues/391
Status/issue trackers for implementations: https://chromestatus.com/feature/5205548434456576

Further details:

[X] I have reviewed the TAG's Web Platform Design Principles
Relevant time constraints or deadlines: None
The group where the work on this specification is currently being done: WICG
Major unresolved issues with or opposition to this specification: None
This work is being funded by: Google Chrome

Past Evaluation: https://github.com/w3ctag/design-reviews/issues/414

w3ctag / design-reviews

FYI Private State Token API Permissions Policy Default Allowlist Wildcard #990