Design Review #1047

#1047: Early Design Review: Related Website Partition API

Opened Feb 4, 2025

Guten TAG! 🍻

I am requesting an early review for the Related Website Partition (RWP) API, an API which allows third-party embeds to maintain a consistent session only across related sites.

Related Website Sets (RWS) is an effort which aims to introduce a new privacy boundary on the web which allows sites to have access to their unpartitioned cross-site state when they are embedded on other related sites.

Some third-party SaaS developers embed their content on sites which are part of a Related Website Set and wish to maintain a continuous session across multiple sites within that set.

The Related Website Partition (RWP) API is a novel mechanism for providing 3P embeds access to a partitioned, non-cookie storage handle which allows them to continue a single session across multiple domains in the same RWS.

This handle would be available to embeds without prompting the user but is only restricted to activity within that particular RWS. RWS owners must opt into using this technology and may control which sites can use this API using Permissions Policy.

Explainer: https://github.com/explainers-by-googlers/related-website-partition-api
User research: N/A
Security & Privacy self-review: https://github.com/explainers-by-googlers/related-website-partition-api/blob/main/TAG-self-review-questionnaire.md
GitHub repo: https://github.com/explainers-by-googlers/related-website-partition-api
Primary contacts (and their relationship to the specification):
Dylan Cutler (@DCtheTall, Google Chrome, author) Ari Chivukula (@arichiv, Google Chrome, contributor)-
Organization/project driving the design: Google Chrome
External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5184475929247744

Further details:

[x] I have reviewed the TAG's Web Platform Design Principles

The group where the incubation/design work on this is being done (or is intended to be done in the future): PrivacyCG
The group where standardization of this work is intended to be done ("unknown" if not known): unknown
Existing major pieces of multi-implementer review or discussion of this design:
Initial public proposal: https://github.com/WICG/first-party-sets/issues/94#issuecomment-2138292885
Major unresolved issues with or opposition to this design: None so far
This work is being funded by: Google

Discussions

Discussed Mar 1, 2025 (See Github)

Lola: unsure how it relates to first party sets (related websites)... Where removing the third party relationship between domains... it makes sense for amazon ... but for the user does that make sense...

Dan: seems like first party sets keep coming back ...

Lola: as a user you're in site a... that lets you go to site b for customer service... so you want to maintain the support connection.. shouldn't be any accepting permissions or starting a new chat... you could just ask the user ...

Martin: ... navigation tracking ...

Lola: they offer alternatives... and make those seem bad...

Sarven: question / concern: ti sounds like like there's a concern around phishing attacks... if you can fool the user it looks like site A but they are really on site B. And they've granted information from the actual authoritative site... E.g. amazon.com and amazon.co.uk ... if the fake one is not actually owned but looks visually similar....

Lola: there is a "set of sites" and ownership of those sites belong

Dan: is it a bi-directional thing?

Martin: no it's on github... As a procedural note - we've agree to decline extentions to things that we don't think are good. We should therefore decline to review.

Proposed:

We reviewed RWS, twice (link). We were not satisfied with that design. We will decline to review this as long as it does not address the issues we raised earlier. Also: Can we flip our resolution on RWS to "resolution: object" to reflect the strength of our position.

ACTION: Dan to review and see if I concur that it should be declined.

Discussed Apr 1, 2025 (See Github)

Lola: I drafted a comment, as discussed in B.

Hadley: Would Jeffrey be happy with this? I'm concerned that he might not be happy with resolved:unsatisfied because it's not that different to resolved:objection.

Lola: From yesterday's discussion we talked about the differences between the two and agreed unsatisfied was appropriate because RWS was marked unsatisfied. Object felt too harsh.

Hadley: Okay

Lola: I can double check in Slack with Jeffrey.

Discussed Apr 1, 2025 (See Github)

Dan Applequist will re-review this again
Feels similar to First Party Sets, Related Website Sets
- But is distinct from these
Suggest we don't block on Dan's re-review
~~Let's say we're not doing a review on this~~
- Decline meaning we don't object nor endorse
- But we do have an opinion that this shouldn't happen
  - So we will do a review!
lolaodelola did do a review for this
- Suggest making it the same resolution as the related website sets / first party sets
- This can't exist without related website sets, this seems to be an addendum to that
- Doesn't see how Partitions makes Related Website Sets better
- Alternatives such as extended storage APIs seem more interesting
- lolaodelola to draft a comment in the brainstorming thread

Discussed Apr 1, 2025 (See Github)

Matthew: It's closed, thank you Lola!

Comment by @lolaodelola Apr 16, 2025 (See Github)

Hi folks, thank you for this proposal. Related Website Partition API has a dependency of Related Website Sets (RWS) which we resolved to unsatisfied.

This API requires RWS but doesn't improve the design or functionality of RWS for web users, it extends a platform feature that has known defects, without considering how to address those defects. For that reason we will also be resolving this proposal as unsatisfied.