FYI Private State Token API Permissions Policy Default Allowlist Wildcard

[arichiv]

Request for Mozilla Position on an Emerging Web Specification

• Specification title: Private State Token API Permissions Policy Default Allowlist Wildcard
• Specification or proposal URL (if available): Consider making permission defaults * instead of self WICG/trust-token-api#306
• Explainer URL (if available): https://github.com/WICG/trust-token-api/blob/main/README.md
• Proposal author(s) (@-mention GitHub accounts): @arichiv, @aykutbulut, @dvorak42, @krgovind
• Issue URL (optional): https://chromestatus.com/feature/5205548434456576
• WebKit standards-position: FYI Private State Token API Permissions Policy Default Allowlist Wildcard WebKit/standards-positions#391
• TAG Review: FYI Private State Token API Permissions Policy Default Allowlist Wildcard w3ctag/design-reviews#990
• Past Evaluation: Private State Token API #262

Other information

Access to the Private State Token API is gated by Permissions Policy features. We proposed to update the default allowlist for both private-state-token-issuance and private-state-token-redemption features from self to * (wildcard).

[martinthomson]

There's not a lot new here, so we should retain our previous position on the overall feature.

(If anything, this makes things worse in the sense that the top-level site no longer needs to aid and abet the tracking that might be occurring, but it's a pretty minor thing.)

[maceip]

How do mozilla users participate in these? i can point to 100+ developers that would like mozilla to implement a PrivacyPass-equivalent token, but from what I can tell @martinthomson argued against and it's been 2-3 years.

would some sort of petition help?