A couple of APIs have come up in PrivacyWG review and broader W3C discussion where the W3C-defined behavior is very simple and broad, and intended to be the entry point to more complex behavior and information passing, defined else where (future specs, specs maintained by other orgs, left up to vendors, etc).
I don't know where the term "dumb pipe" API came from, but it stuck with me, so im using it here. I'm not wedded to the term, and happy to use something else.
I think this pattern is a problem privacy and security wise for a couple of reasons:
- it give the impression that a set of behaviors are W3C-standards based, when the actual behavior may not actually be standardized by the W3C (and in particular, hasn't gone through W3C horizontal review or AC review).
- it somewhat-commits the platform to a general approach (e.g., the
doCredentialStuff(any) -> any API) in a way intentionally opaque to w3c concerns, standards, practices and expectations
- it goes against platform best practices like designed-for-purpose APIs
- the API encourages a pattern of pushing pushing very complex data through very generic APIs, in a way that makes it very hard to standardize protections and approaches across the platform, and to explain to the user what data a site wants to access in response to what action when a single API call is interacting with a broad range of data types and sensitivities (for example, its already difficult for a user agent to explain to a user whats happening when a page calls
getLocation(precise=true). It'll be 100x more difficult to explain to the user whats happening when a page calls doNetworkStuff(currentLocation=X, requestedCredentials=age+date, withWebCamAgeCheck=true, crossSiteCredentials=site.example,site2.example).
@simoneonofri , curious for your thoughts here:
- Have you encountered any cases (VC and credentials come to mind)?
- Do you think we should have S&P questionare questions about this? or that it'd better fit somewhere like the TAG's design principles? or both?
A couple of APIs have come up in PrivacyWG review and broader W3C discussion where the W3C-defined behavior is very simple and broad, and intended to be the entry point to more complex behavior and information passing, defined else where (future specs, specs maintained by other orgs, left up to vendors, etc).
I don't know where the term "dumb pipe" API came from, but it stuck with me, so im using it here. I'm not wedded to the term, and happy to use something else.
I think this pattern is a problem privacy and security wise for a couple of reasons:
doCredentialStuff(any) -> anyAPI) in a way intentionally opaque to w3c concerns, standards, practices and expectationsgetLocation(precise=true). It'll be 100x more difficult to explain to the user whats happening when a page callsdoNetworkStuff(currentLocation=X, requestedCredentials=age+date, withWebCamAgeCheck=true, crossSiteCredentials=site.example,site2.example).@simoneonofri , curious for your thoughts here: