Commit 994affef authored by Daniel Thompson-Yvetot

Merge branch 'powerful' into 'main_publish'

Add requirements for powerful web platform features

See merge request cyber/stan4cr2/en-304-617!54
parents ba0d49a0 325c275e
+36 −0
@@ -180,6 +180,14 @@ Origin: An origin in browser products is the compound of the scheme, host and po

Same-origin policy: A security model in browser products used to determine whether assets and state should be shared or not between web page execution contexts.

Powerful Web Platform Feature: A web platform feature (usually an API) the web browser provides to a website that directly exposes: video capture, audio capture, location information, filesystem contents, clipboard contents, the host operating system, external applications, screen contents, system notifications, connected peripherals, local network services, Personally Identifiable Information, or other such highly sensitive data or capabilities.

Secure Context: Typically a web page that meets minimum standards of authentication and confidentiality by delivering content over an encrypted and authenticated channel like HTTPS, as fully defined by https://w3c.github.io/webappsec-secure-contexts/.

<mark>Editor's note: What constitutes a secure context is pretty nuanced, so ideally we'd be able to reference this spec. The definition is used in [REQ-PWR-INT-2]</mark>

Browser Profile: private browsing sessions, temporary guest profiles, or profiles that may be used for separating principals or use-cases.

## 3.2 Symbols

For the purposes of the present document, the [following] symbols [given in ... and the following] apply:
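Review bot: The Secure Context definition hedges with "Typically a web page" and embeds a bare URL, while the editor's note directly beneath says the spec should ideally be referenced; resolve both at once by adding the W3C Secure Contexts document to the references clause and citing it normatively, so that [REQ-PWR-INT-2] (which depends on this term) has a testable definition rather than an informal paraphrase. The Browser Profile entry is also a list of examples rather than a definition; consider stating what a profile is (a separately stored set of browsing state and permission decisions) before listing private sessions and guest profiles as instances, since [REQ-PWR-DM-2] relies on the term to scope permission decisions.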
@@ -461,6 +469,10 @@ Example: The extension execution process runs with no greater operating system p

<mark>Editor's note: This covers the default configuration - the exploitation mitigation is covered in section 5.12.</mark>

**[REQ-PWR-SBD-1]** Web browsers shall provide a mechanism for users to select the default behaviour when a webpage wishes to use a given Powerful Web Platform Feature, which shall at least include denying by default.

**[REQ-PWR-SBD-2]** The web browser may support enterprise or parental policy controls that allow administrators to alter how access to Powerful Web Platform Features is controlled.

## 5.4 Secure Updates

Proposed ESR code: SU
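Review bot: [REQ-PWR-SBD-1] is ambiguous as written: "which shall at least include denying by default" can be read either as "deny must be one of the selectable default behaviours" or as "deny must be the shipped default". State the intent explicitly, e.g. "the selectable behaviours shall include denying the request, and the behaviour applied when the user has made no selection shall be to deny or to prompt". [REQ-PWR-SBD-2] uses "may", which makes it informative rather than a requirement; if it is meant as an optional requirement, the document's convention for optional clauses should be used.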
@@ -518,6 +530,12 @@ Example: Web pages may load images from other origins, message using `window.pos

<mark>Editor's note: need to add examples for cross domain storage access is allowed, etc.</mark>

**[REQ-PWR-AAC-1]** The web browser shall require express user permission before exposing data via Powerful Web Platform Features.

**[REQ-PWR-AAC-2]** The web browser shall allow the user to limit the grant of a Powerful Web Platform Feature to the current browsing session.

**[REQ-PWR-AAC-3]** The product shall allow the user to deny the granting of the Powerful Web Platform Feature.

## 5.6 Confidentiality

Proposed ESR code: CON
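Review bot: [REQ-PWR-AAC-1] is narrower than the term it uses: the definition of Powerful Web Platform Feature added in the same change covers "highly sensitive data or capabilities", but this requirement only demands permission "before exposing data", which would not clearly cover capability-only features such as system notifications or external application launching; suggest "before exposing data or capabilities via Powerful Web Platform Features". [REQ-PWR-AAC-3] largely restates the deny option already required by [REQ-PWR-SBD-1]; either cross-reference it or merge, and align the subject ("The product" here versus "The web browser" in the two preceding requirements).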
@@ -576,6 +594,10 @@ Note: TLS-related clauses contribute to integrity.

**[REQ-EXT-INT-1]**: The product shall cryptographically verify extensions before installation and update.

**[REQ-PWR-INT-1]** The web browser shall protect permission prompts against manipulation by the webpage.

**[REQ-PWR-INT-2]** The product shall only enable Powerful Web Platform Features for use within Secure Contexts.

## 5.8 Data Minimisation

Proposed ESR code: DM
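Review bot: [REQ-PWR-INT-1] is not testable as written because "manipulation by the webpage" is undefined; name the classes of interference the requirement is meant to exclude, for example page content obscuring or overlaying the prompt, page content imitating the prompt's appearance, or the page influencing the prompt's timing or position, so that an assessor knows what to verify. [REQ-PWR-INT-2] should also say "The web browser" for consistency with INT-1 and with the rest of the PWR requirements.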
@@ -584,6 +606,12 @@ This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 P

Note: TLS-related clauses contribute to data minimization.

**[REQ-PWR-DM-1]** Powerful Web Platform Feature permissions shall be origin-scoped by default, with broader scoping permitted only via express user action (e.g. in settings), or opt-in by the origins.

**[REQ-PWR-DM-2]** Powerful Web Platform Feature permissions decisions shall apply to each Browser Profile separately.

**[REQ-PWR-DM-3]** Web browsers shall provide users with the ability to grant granular permission to Powerful Web Platform Features.


## 5.9 Availability Protection

@@ -619,6 +647,10 @@ This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 P

<mark>Editor's note: Discussion around this was not concluded. HAS did not like asking for technical docs. Sam raised asking for user docs instead. Andrew suggested that in some circumstances it's not needed at all, eg explicit cooperation between client and server. Daniel E had concerns about lowering the bar even in cooperation contexts.</mark>

**[REQ-PWR-IM-1]** The product shall implement a permissions policy framework that allows a top-level website to selectively limit the Powerful Web Platform Features available to itself and any embedded iframes.

**[REQ-PWR-IM-2]** The product shall implement a permissions policy framework that allows a top-level website to explicitly delegate access to specific Powerful Web Platform Features to embedded iframes.

## 5.11 Minimisation of Attack Surfaces

Proposed ESR code: MAS
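Review bot: [REQ-PWR-IM-1] and [REQ-PWR-IM-2] both open with "shall implement a permissions policy framework", so the framework requirement is stated twice; restructure as one requirement establishing the framework with two sub-clauses (restriction for itself and embedded iframes; explicit delegation to embedded iframes). Delegation in IM-2 should also be bounded explicitly: an embedded iframe should not be able to receive a feature the top-level document has not itself been allowed, otherwise the restriction in IM-1 can be bypassed via delegation.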
@@ -682,6 +714,8 @@ This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 P

**[REQ-STORE-LOG-1]** The product shall provide an interface for viewing information about stored data at a granularity of site or narrower (e.g., origin).

**[REQ-PWR-LOG-1]** The web browser shall provide a user interface listing the Powerful Web Platform Features granted or denied to the web page being displayed.

## 5.14 Data Removal and Transparency
Proposed ESR code: DRT

@@ -699,6 +733,8 @@ Applicability: Web browsers which allow changing TLS-related settings.

**[REQ-STORE-DRT-3]** The product shall have an interface for deleting storage at a granularity of site or narrower (e.g., origin).

**[REQ-PWR-DRT-1]** The web browser shall provide a user interface allowing revocation of previously granted permissions for Powerful Web Platform Features.

## 5.15 Vulnerability Handling

This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 Part 2.
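Review bot: [REQ-PWR-DRT-1] covers revocation of granted permissions only; since [REQ-PWR-LOG-1] in this same change lists denied as well as granted features, state whether the user can also reset a persistent denial, and specify whether revocation must take effect immediately for a feature currently in use (for example ongoing capture or an open connection) or only on the next request.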