Design Review #195

#195: ReportingObserver

Opened Sep 13, 2017

Hello TAG!

This is early, but new blink launch guidelines include asking for TAG feedback early. At this stage I wouldn't recommend reviewing the spec in detail - it's still under review with spec editors. But I'd at least appreciate a look at the explainer / use cases (and spec review is great too - but to avoid wasting your time I can ping again when it has actually landed).

This is part of "Reporting API" being driven by @mikewest which I don't see a TAG review request for yet. I'm personally working only on the JS interface in ReportingObserver and believe the two halves (HTTP vs. JS APIs) are largely separable and independently shippable. But if you prefer to treat this as a TAG review for all of Reporting that's fine with me too.

I'm requesting a TAG review of:

Name: ReportingObserver
Specification URL: WIP: PR, draft.
Explainer, Requirements Doc, or Example code: Explainer
Tests: Work in progress (will land with spec changes)
Primary contacts: @rbyers @patrickkettner @paulmeyer90 @igrigorik @mikewest

Further details (optional):

Relevant time constraints or deadlines: Being implemented in Chromium, aiming to ship sometime in Q4
I have read and filled out the Self-Review Questionnare on Security and Privacy. The assessment is here.
I have reviewed the TAG's API Design Principles

We'd prefer the TAG provide feedback as (please select one):

open issues in our Github repo for each point of feedback
open a single issue in our Github repo for the entire review
leave review feedback as a comment in this issue and @-notify [github usernames]

Discussions

2018-05-08

Minutes

TL: Last time we discussed this we ran out of time.

DKA: We need to review their issue 54? All of their issues still open?

TL: Yes. Let me dig out the minutes of the discussion. I believe we should look at 54. We had some feedback on how this report should be formatted - especially on JSON serialization. Mike addressed those questions in 53 - but I need to look at this.

DKA: Was this related to something IETF did?

TL: I believe so

AR: Structured headers should be something that IETF does, no? Is this structured? This has it's own type system.

DKA: You mean IETF's work?

AR: Yes. We should wait for Mark to comment on this.

TL: I think the point we should be looking into is if the IETF spec is good enough for the reporting requirement.

AR: (Something about JSON, choppy audio.)

Action: Leave note on their issue, potentially invite to future call? Revisit 5/22.

Issue 185 - WebVR - Peter, Travis, Hadley, Alex

TL: Haven't looked at it yet. Should invite them to a call.

AR: Should we reach out?

TL: Yes.

DKA: How about the 29th?

TL: SGTM.

DKA: Can someone send an invite?

TL: I can take care of this.

Action: Send WebVR folks an invite for a call on 5/29.

Issue 134 - AOM - Travis, Sangwhan

Action: Sangwhan to send Alice invitation for future call

Issue 225 - Permission Delegation - Lukasz, Dan, David

AR: Status - this is delayed - time to sort out - in Chromium for certain users, changing whether users see a paired requests - warmings about subframe requests. I discussedd (with the proposer) what happens in lower levels.

DKA: Any other implementors working on similar features?

AR: No idea.

DB: Some people at Moz who saw this proposal liked it. One piece of feedback - list of permissions in the API spec is the list of permissions that are requested. There are also permissions that are implicitly granted throuhg a user action. So a question is - if you are talking about ability to delegate permissions do we need a list of those permissions as well?

TL: in some of those cases are they all tied to user action? you'd be delegating without the need for user interaciton?

DB: The reason the spec should be able to control that is that the user might e confused [otherwise]. We have a model where you see a file picker or media picker and there is an association with a tab, but not with an origin. If we're moving to a model where we are associating witha top level page than maybe the top level should be able to restrict.

AR: we don't have a way to restrict. I can have a [chrome] conversation about what data they do have to inform this...

Issue 231 - Payment Handler - Hadley, David, Alex

DKA: What is the status on this? David left a comment.

DB: I think they opened a bunch of issues on their side, should check what the current progress is.

DKA: We should review the current work.

DB: They linked 5 issues, of which one has been closed.

DKA: We need to review the response and see if this can be closed.

DB: I'll get to it.

Action: Revisit 5/22.

AOB

DKA: Next week is the AC meeting. Should we have a call?

PL: I can chair.

(Others expressing availability. Will have call.)

2018-05-22

Minutes

@torgo: Lots of issues were opened up. All still open. @travisleithead what is your current view on this? A bit of comments on some of the issues

@travisleithead: We want to grab these people at the F2F or invite them.

@torgo: Who can bring these people together, should we have a focused call

@travisleithead: will be hard to bring all together time zone wise

@slightlylate there is currently an intent to ship, but no permission yet, and open privacy issues etc - TAG is still waiting for resolution on issues.

@travisleithead: Dropping a note in the issue.

@torgo: Bumped to 29th to see how we want to proceed. Is this time sensitive?

@slightlylate: will give feedback to team that they should act on the feedback when they are doing an intent to ship. I will reach out to them.

@travisleithead: I posted to blink-dev, might need to be approved

2018-07-10

Minutes

TL: Closed. To use JSON.

DKA: Close and move to F2F?

TL: Sounds good. It didn't look like a great fit for structured headers, so not much we can do here