Define two features controlled by permissions policy (#54)

Co-authored-by: Martin Thomson <mt@lowentropy.net>
patcg · Dec 20, 2024 · 8d548d1 · 8d548d1
1 parent c30a216
commit 8d548d1
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/api.bs b/api.bs
@@ -866,6 +866,33 @@ if the user has opted out of collection of diagnostic data.
 * User ability to view the impression store and past report submissions.
 
 
+# Permissions Policy Integration # {#permission-policy}
+
+This specification defines two [=policy-controlled features=]:
+
+*   Invocation of the <a method for=PrivateAttribution>saveImpression()</a> API,
+    identified by the string "<code><dfn export for="PermissionPolicy"
+    enum-value>save-impression</dfn></code>".
+*   Invocation of the <a method for=PrivateAttribution>measureConversion()</a> API,
+    identified by the string "<code><dfn export for="PermissionPolicy"
+    enum-value>measure-conversion</dfn></code>".
+
+The [=policy-controlled feature/default allowlist=] for both of these features is
+<code><a dfn for="default allowlist">*</a></code>.
+
+<p class=note>Having separate permissions for
+<a method for=PrivateAttribution>saveImpression()</a> and
+<a method for=PrivateAttribution>measureConversion()</a>
+allows pages that do both to limit subresources
+to the expected kind of activity.
+
+<p class=note>Enabling permissions by default
+simplifies the task of integrating external services.
+
+<p class=note>Permissions policy provides only all-or-nothing control,
+it does not enable delegation of a portion of privacy budget.
+
+
 # Implementation Considerations # {#implementation-considerations}
 
 * Management and distribution of values for the following: