Site security state store
Status
| Site security state store | |
| Stage | Draft |
| Status | ` |
| Release target | ` |
| Health | OK |
| Status note | ` |
{{#set:Feature name=Site security state store
|Feature stage=Draft |Feature status=` |Feature version=` |Feature health=OK |Feature status note=` }}
Team
| Product manager | ` |
| Directly Responsible Individual | ` |
| Lead engineer | ` |
| Security lead | ` |
| Privacy lead | ` |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
{{#set:Feature product manager=`
|Feature feature manager=` |Feature lead engineer=` |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
There have been several HTTP extensions that handle security attributes such as HSTS and ca-pinning. These attributes are site initiated and thus should have different semantics than pinning. Currently this data lives on the site permissions with three main problems:
- access r/w is not thread safe
- is not aware of private browsing
- Does not allow for storage of arbitrary data.
2. Users & use cases
- HSTS Storage
- CA Pinning storage
3. Dependencies
`
4. Requirements
- Thread safe
- Private browsing aware
- Store for JSON data
- Expiration for data
- indexed on per site
- Allowing tree queries, but limit them to eTLD+1
- Scriptable access.
- Atomic quering and insertion.
- have a simple way to embed defaults in the source (for new profiles or db corruption)
Nice to have:
- Optimized for minimal impact to page loads. Most pages would not have any of this.
- Optimize the call pattern so we can minimize the number of method calls (i.e. callers should be able to check at the beginning of a page load and then not again, rather than one call per resource).
- Incorporate cert exceptions if possible.
To think about:
- If we still care about CAPS, replace it with this.
Non-goals
- While the data in this storage shall not be directly accessible to sites we will not commit to prevent tracking via this data set.
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=` |Feature overview=There have been several HTTP extensions that handle security attributes such as HSTS and ca-pinning. These attributes are site initiated and thus should have different semantics than pinning. Currently this data lives on the site permissions with three main problems:
- access r/w is not thread safe
- is not aware of private browsing
- Does not allow for storage of arbitrary data.
|Feature users and use cases=*HSTS Storage
- CA Pinning storage
|Feature dependencies=` |Feature requirements=# Thread safe
- Private browsing aware
- Store for JSON data
- Expiration for data
- indexed on per site
- Allowing tree queries, but limit them to eTLD+1
- Scriptable access.
- Atomic quering and insertion.
- have a simple way to embed defaults in the source (for new profiles or db corruption)
Nice to have:
- Optimized for minimal impact to page loads. Most pages would not have any of this.
- Optimize the call pattern so we can minimize the number of method calls (i.e. callers should be able to check at the beginning of a page load and then not again, rather than one call per resource).
- Incorporate cert exceptions if possible.
To think about:
- If we still care about CAPS, replace it with this.
|Feature non-goals=* While the data in this storage shall not be directly accessible to sites we will not commit to prevent tracking via this data set. |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
| Priority | Unprioritized |
| Rank | 999 |
| Theme / Goal | ` |
| Roadmap | ` |
| Secondary roadmap | ` |
| Feature list | ` |
| Project | ` |
| Engineering team | ` |
{{#set:Feature priority=Unprioritized
|Feature rank=999 |Feature theme=` |Feature roadmap=` |Feature secondary roadmap=` |Feature list=` |Feature project=` |Feature engineering team=` }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}