#779: Cookies Having Independent Partitioned State (CHIPS) specification review


Opened Oct 19, 2022

Wotcher TAG!

I'm requesting a TAG review of CHIPS.

Given that browsers plan on deprecating or already have deprecated unpartitioned third-party cookies, we want to give developers the ability to use cookies in cross-site contexts that are partitioned by top-level site to meet cookie use cases that are not cross-site tracking related (e.g. SaaS embeds, headless CMS, sandbox domains, etc.). In order to do so, we introduce a mechanism to opt-in to having their third-party cookies partitioned by top-level site using a new cookie attribute, Partitioned.

Further details:

  • I have reviewed the TAG's Web Platform Design Principles
  • Relevant time constraints or deadlines: N/A
  • The group where the work on this specification is currently being done: Google / Privacy Sandbox
  • The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): PrivacyCG
  • Major unresolved issues with or opposition to this specification: N/A
  • This work is being funded by: Google

You should also know that...

Early review of CHIPS concluded that CHIPS was privacy positive.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

🐛 open issues in our GitHub repo for each point of feedback

Discussions

Discussed Oct 24, 2022 (See Github)

Sangwhan: late review, more concrete proposal without FPS

Amy: will look at this later this week, [bumps milestone]

Discussed Oct 31, 2022 (See Github)

Dan: leaves comment asking for further info.

Amy: Finds Mozilla Standards Position and Webkit position.

Dan: Let's re-review at the plenary.

Comment by @torgo Nov 1, 2022 (See Github)

Hi @DCtheTall thanks for this - we're happy to do another look and provide feedback. Can you please point us to a list of changes that have happened to the spec since the previous review, or otherwise let us know what those have been? Can you also provide some additional evidence on multi-stakeholder support? We're specifically looking for support / interest from other browsers and browser engine makers. Thanks! ✨

Comment by @torgo Nov 1, 2022 (See Github)

Follow-up: we found: Mozilla Standards Position and Webkit position

Comment by @johannhof Nov 4, 2022 (See Github)

Hi @torgo, thank you for taking another look! This is the list of substantial changes from the previous proposal:

  • The Partitioned attribute no longer requires the __Host- prefix or its required attributes. The Secure requirement remains. See https://github.com/privacycg/CHIPS/issues/30
  • We are changing the per-partition-per-domain limit to be based on the total size (in bytes) of the cookies set by a domain in a particular partition in addition to the number of cookies. We intend to impose a limit of 10 KB per-embedded-site, per-top-level-site and increase the numeric limit from 10 to 180. See https://github.com/privacycg/CHIPS/issues/48
  • For sites embedded in top-level domains that are in a First-Party Set, their cookies' partition key will no longer be the owner domain of that set. Rather, the partition key will always be the top-level domain that the cookie was created on. See https://github.com/privacycg/CHIPS/pull/44
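The three changes listed above, modelled as a small cookie jar. This is an added example, not code from the CHIPS proposal or from any browser. The class and function names, the oldest-first eviction policy, reading "10 KB" as 10240 bytes of name plus value, and passing sites in as precomputed strings are all assumptions.

```javascript
// Added illustration of the partitioning rules; not spec or browser code.
const MAX_COOKIES = 180;      // numeric limit per embedded site, per top-level site
const MAX_BYTES = 10 * 1024;  // "10 KB" read as 10240 bytes (assumption)
const byteLen = (s) => new TextEncoder().encode(s).length;

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;    // no cookie name: not storable in this model
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  const name = pair.slice(0, eq), value = pair.slice(eq + 1);
  return { name, value, size: byteLen(name) + byteLen(value),
           secure: flags.has("secure"), partitioned: flags.has("partitioned") };
}

class PartitionedJar {
  constructor() { this.buckets = new Map(); } // "topLevelSite|embeddedSite" -> Map(name -> cookie)

  // Both sites are assumed to be computed by the caller (no eTLD+1 logic here).
  set(topLevelSite, embeddedSite, header) {
    const c = parseSetCookie(header);
    if (!c) return "rejected: malformed";
    if (!c.partitioned) return "ignored: not Partitioned";
    // Secure is still required; the __Host- prefix is not checked at all.
    if (!c.secure) return "rejected: Partitioned requires Secure";
    if (c.size > MAX_BYTES) return "rejected: larger than the partition budget";
    // The key is the top-level site itself, never a First-Party Set owner.
    const key = `${topLevelSite}|${embeddedSite}`;
    const bucket = this.buckets.get(key) || new Map();
    this.buckets.set(key, bucket);
    bucket.delete(c.name);    // re-setting moves the cookie to the newest slot
    bucket.set(c.name, c);
    // Assumed policy: evict oldest entries until both limits hold.
    while (bucket.size > MAX_COOKIES || this.bytes(key) > MAX_BYTES) {
      bucket.delete(bucket.keys().next().value);
    }
    return "stored";
  }

  bytes(key) {
    let total = 0;
    for (const c of this.buckets.get(key)?.values() ?? []) total += c.size;
    return total;
  }

  names(topLevelSite, embeddedSite) {
    return [...(this.buckets.get(`${topLevelSite}|${embeddedSite}`)?.keys() ?? [])];
  }
}
```
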

Discussed Nov 14, 2022 (See Github)

Dan: they gave us a list of substantive changes.

Reviewing https://github.com/privacycg/CHIPS/issues/30

Dan: Seems resolved.

Reviewing https://github.com/privacycg/CHIPS/issues/48

Amy: Major credit for all the stakeholder involvement here. Seems really good.

Dan: after reviewing these and the removal of the dependency on first party sets my instinct is to close this...

Amy: Ask Privacy sandbox people to fill out the societal impacts questionnaire?

Dan: As beta testers?

Amy: Yes.

Dan: good idea.

Amy: They have yet to update their answers to the security & privacy questionnaire. I'll leave a comment asking for this and indicating we'll close [positively] after that.

Dan: +1

Comment by @rhiaro Nov 15, 2022 (See Github)

Thanks for that information @johannhof that's really helpful. In general we're in favour of the trajectory of the spec, and appreciate seeing the thoughtful discussions you're having with other stakeholders.

I note that the Security and Privacy questionnaire hasn't been updated in line with the changes you've made. Eg. it says:

"In order to prevent PII from leaking, this proposal requires that cookies which use the Partitioned attribute also have the __Host- prefix."

Are you able to do a pass and update this please?

Comment by @DCtheTall Nov 21, 2022 (See Github)

Good catch, thanks @rhiaro!

I have uploaded a PR to update the S&P questionnaire.

Discussed Nov 28, 2022 (See Github)

Amy: they've updated the Privacy & Security questionnaire but it's still not up to date with the spec (they missed a bit about PII). I'm reviewing the moz standards position as well. Maybe we should close with satisfied?

Dan: Leave the comment and we can discuss it at the plenary and hopefully close based on their feedback. sets to proposed closed

Comment by @rhiaro Nov 29, 2022 (See Github)

Thanks @DCtheTall - is 2.3 in the S&P questionnaire also affected?

Comment by @torgo Dec 6, 2022 (See Github)

@DCtheTall thanks for posting these updates. We're going to go ahead and close this one. Please feed back here on the Security & Privacy Questionnaire responses that @rhiaro mentioned when you can.