https://wicg.github.io/document-isolation-policy/ #399
Labels
from: Google
Proposed, edited, or co-edited by Google.
topic: http
Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols
topic: security
venue: WICG
Proposal is incubated in the Web Incubator Community Group
WebKittens
@annevk
Title of the proposal
Document-Isolation-Policy
URL to the spec
https://wicg.github.io/document-isolation-policy/
URL to the spec's repository
https://github.com/WICG/document-isolation-policy
Issue Tracker URL
No response
Explainer URL
No response
TAG Design Review URL
w3ctag/design-reviews#995
Mozilla standards-positions issue URL
mozilla/standards-positions#1074
WebKit Bugzilla URL
No response
Radar URL
No response
Description
Developers want to build applications that are fast using SharedArrayBuffers (SAB), which can improve computation time by ~40%. But SharedArrayBuffers allow the creation of high-precision timers that can be exploited in a Spectre attack, allowing cross-origin user data to be leaked. To mitigate the risk, SharedArrayBuffers are gated behind crossOriginIsolation (COI). CrossOriginIsolation requires deploying both Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP). Both have proven hard to deploy: COOP because it prevents communication with cross-origin popups, and COEP because it imposes restrictions on third-party embeds. Finally, the whole COOP + COEP model is focused on providing access to SharedArrayBuffers to the top-level frame. Cross-origin embeds can only use SABs if their embedder deploys crossOriginIsolation and delegates the permission to use COI-gated APIs, making the availability of SABs in third-party iframes very unreliable.
Document-Isolation-Policy proposes to solve these deployment concerns by relying on the browser's Out-of-Process-Iframe capability. It will provide a way to securely build fast applications using SharedArrayBuffers while maintaining communication with cross-origin popups (needed for OAuth and payment flows) and not requiring extra work to embed cross-origin iframes. Finally, it will be available for embedded widgets as well as top-level frames, allowing developers to build efficient compute-heavy widgets that are embedded across a variety of websites (e.g. photo library, video conference iframe, etc.).
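The description above refers to the existing COOP + COEP gate that Document-Isolation-Policy aims to replace. The following is an added example, not code from the proposal or from this WebKit standards-positions issue: it models that gate as a check over response headers (a top-level document is crossOriginIsolated only with `Cross-Origin-Opener-Policy: same-origin` and `Cross-Origin-Embedder-Policy: require-corp` or `credentialless`, the values defined in the HTML specification), and shows the client-side feature-detection pattern for SharedArrayBuffer. The function names and the sample header sets are constructed for this example; the Document-Isolation-Policy header itself is not modelled, since the page gives no header syntax for it.

```javascript
// Added example, not code from the Document-Isolation-Policy proposal or the
// WebKit standards-positions issue. It models the COOP + COEP gating the
// description refers to: a top-level document is crossOriginIsolated (and may
// construct SharedArrayBuffer) only when its response carries
//   Cross-Origin-Opener-Policy: same-origin
//   Cross-Origin-Embedder-Policy: require-corp   (or: credentialless)
// Header names and values are the real ones from the HTML specification;
// the function names and the sample header sets below are constructed.

const COOP = 'cross-origin-opener-policy';
const COEP = 'cross-origin-embedder-policy';

// Header names are case-insensitive; structured-header parameters after ';'
// (e.g. report-to) do not change the policy value, so they are dropped here.
function headerValue(headers, name) {
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === name) {
      return String(value).split(';')[0].trim().toLowerCase();
    }
  }
  return null;
}

// Returns the reasons a response would NOT yield a crossOriginIsolated
// document; an empty list means both policies are in place.
function isolationGaps(headers) {
  const gaps = [];
  const coop = headerValue(headers, COOP);
  const coep = headerValue(headers, COEP);
  if (coop !== 'same-origin') {
    // same-origin-allow-popups keeps popup communication working but does
    // not isolate the page, which is exactly the deployment tension the
    // proposal describes.
    gaps.push(`COOP is ${coop === null ? 'missing' : `"${coop}"`}, need "same-origin"`);
  }
  if (coep !== 'require-corp' && coep !== 'credentialless') {
    gaps.push(`COEP is ${coep === null ? 'missing' : `"${coep}"`}, need "require-corp" or "credentialless"`);
  }
  return gaps;
}

function grantsCrossOriginIsolation(headers) {
  return isolationGaps(headers).length === 0;
}

// Client-side pattern: feature-detect rather than assume SAB is available.
// In a page, pass `self.crossOriginIsolated`; SharedArrayBuffer is only
// constructible when that flag is true. Falls back to a plain ArrayBuffer so
// the application still works (more slowly) where the headers are not deployed.
function allocateBuffer(crossOriginIsolated, byteLength) {
  return crossOriginIsolated
    ? new SharedArrayBuffer(byteLength)
    : new ArrayBuffer(byteLength);
}

// Constructed sample responses (header sets only).
const SAMPLE_HEADERS = {
  isolated: {
    'Cross-Origin-Opener-Policy': 'same-origin',
    'Cross-Origin-Embedder-Policy': 'require-corp',
  },
  coopOnly: {
    'Cross-Origin-Opener-Policy': 'same-origin',
  },
  popupFriendly: {
    'Cross-Origin-Opener-Policy': 'same-origin-allow-popups',
    'Cross-Origin-Embedder-Policy': 'credentialless; report-to="coep"',
  },
};

for (const [name, headers] of Object.entries(SAMPLE_HEADERS)) {
  const gaps = isolationGaps(headers);
  console.log(name, grantsCrossOriginIsolation(headers) ? 'isolated' : gaps.join('; '));
}
```

Running the block prints one line per sample: `isolated` is the only set that grants isolation, `coopOnly` is missing COEP, and `popupFriendly` fails on COOP even though its COEP value is valid. That last case is the trade-off the proposal singles out: the COOP value that keeps OAuth and payment popups working is the one that does not unlock SharedArrayBuffer.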