15:43:35 RRSAgent has joined #storage-buckets 15:43:35 logging to https://www.w3.org/2020/10/29-storage-buckets-irc 15:43:54 rssagent, bookmark 15:45:18 rrsagent, prepare this meeting 15:45:18 I'm logging. I don't understand 'prepare this meeting', oyiptong. Try /msg RRSAgent help 15:45:27 prepare this meeting 15:46:49 rssagent, this meeting is about Storage Buckets 15:49:19 zakim, prepare this meeting 15:49:19 RRSAgent, make logs Public 15:49:20 Meeting: Storage Buckets API 15:49:29 zakim, this is Zoom 815 1361 9748 15:49:29 got it, oyiptong 15:50:07 present+ oyiptong 15:50:21 zakim, who is here? 15:50:21 Present: oyiptong 15:50:23 On IRC I see RRSAgent, Zakim, ayu, asuth, danyao, masaya_ikeo, oyiptong, Mek 15:52:07 agenda+ Discussion on Storage Buckets API Proposal https://github.com/WICG/storage-buckets/blob/gh-pages/explainer.md 15:52:12 lgombos___ has joined #storage-buckets 15:52:29 MasakazuKitahara has joined #storage-buckets 15:54:23 present+ Ayu Ishii (Google) 15:54:48 zakim, who is here? 15:54:48 Present: oyiptong, Ayu, Ishii, (Google) 15:54:50 On IRC I see MasakazuKitahara, lgombos___, RRSAgent, Zakim, ayu, asuth, danyao, masaya_ikeo, oyiptong, Mek 15:54:52 tidoust has joined #storage-buckets 15:55:30 zakim, list agenda 15:55:31 I see 1 item remaining on the agenda: 15:55:31 1. Discussion on Storage Buckets API Proposal https://github.com/WICG/storage-buckets/blob/gh-pages/explainer.md [from oyiptong] 15:57:25 present+ Andrew Sutherland 15:59:36 zakim, start this meeting 15:59:36 RRSAgent, make logs Public 15:59:37 Meeting: Storage Buckets API 15:59:55 jsbell has joined #storage-buckets 16:00:15 present+ 16:00:33 present+ 16:00:41 zakim, who is here? 16:00:41 Present: oyiptong, Ayu, Ishii, (Google), Andrew, Sutherland, Mek, lgombos___ 16:00:43 On IRC I see jsbell, tidoust, MasakazuKitahara, lgombos___, RRSAgent, Zakim, ayu, asuth, danyao, masaya_ikeo, oyiptong, Mek 16:00:54 present+ Joshua Bell 16:00:59 present+ Francois_Daoust 16:01:41 pwnall has joined #storage-buckets 16:01:48 present+ Victor Costan (Google) 16:02:25 kenchris has joined #storage-buckets 16:02:35 MikeSmith has joined #storage-buckets 16:02:38 zakim, take up agendum 1 16:02:38 agendum 1. "Discussion on Storage Buckets API Proposal https://github.com/WICG/storage-buckets/blob/gh-pages/explainer.md" taken up [from oyiptong] 16:03:13 asully has joined #storage-buckets 16:03:34 muodov has joined #storage-buckets 16:03:59 starting soon, to let people join 16:04:21 in 1 more minute 16:05:14 starting now 16:05:35 Ayu Ishii presenting, Victor Costan helping as well 16:06:02 presentation: goals, use-cases, explainer overview, Q&Discussions 16:06:20 problem: 1 default bucket for storage. they lose all or none of their data during storage pressure 16:06:27 no tools to better manage their storage 16:06:44 could prioritize some data, e.g. songs and playlist 16:06:56 goal: give apps more control over how data is stored and evicted 16:07:08 with buckets, apps can partition by data, cache, etc 16:07:11 bkardell___ has joined #storage-buckets 16:07:20 e.g. favorite songs, playlists to be evicted last 16:07:33 more use-cases: email clients can cache messages and attachments 16:07:38 drafts not stored yet on the server 16:07:46 with browser eviction, all data would be lost, including drafts not sent yet 16:07:56 with buckets, this data could be partitioned and preserved 16:08:10 policies: a bucket could be evicted on storage pressure 16:08:13 AramZS has joined #storage-buckets 16:08:21 and some data to be evicted last 16:08:36 tradeoffs, data could survive power failures, at the cost of battery consumption 16:08:45 how buckets could be used: 1 bucket per account 16:08:54 JohnWilander has joined #storage-buckets 16:09:01 on logout, data cleanup would be the deletion of the specific bucket 16:09:08 code example: how to create a bucket 16:09:17 options for durability and persistence 16:09:25 in example: strict durability to minimize data loss 16:09:37 title: for the UA to display the bucket title in the UI 16:09:50 present+ 16:09:54 example was unimportant bucket 16:10:05 q+ 16:10:09 for managing quota, proposing a quota option 16:10:35 expires option, to ensure data isn't accessible after a certain time 16:11:00 deleting buckets. delete API. could be used on user logout 16:11:15 service workers: each storage bucket could store SW registrations 16:11:25 Slides: https://docs.google.com/presentation/d/1q8wRn2Q3BddAErKd5Sq6vDx4w6W5UqCEd6PaBxqJ0Kg/ 16:11:39 early state. with tag review. want to get feedback 16:11:47 annevk has joined #storage-buckets 16:11:49 floor open to questions / discussion 16:11:57 zakim, who is on the queue? 16:11:57 I see JohnWilander on the speaker queue 16:12:17 q+ 16:12:24 q+ 16:12:24 present+ 16:12:24 q+ 16:13:31 q+ 16:14:46 zakim, oyiptong acks JohnWilander 16:14:46 I don't understand 'oyiptong acks JohnWilander', oyiptong 16:15:16 JohnWilander: https://github.com/WICG/storage-buckets/blob/gh-pages/explainer.md#storage-policy-expiration 16:15:53 zakim, ack next 16:15:54 I see bkardell___, AramZS, muodov on the speaker queue 16:16:07 https://github.com/privacycg/storage-partitioning 16:16:21 for cookies, no plans on supporting cookies in buckets 16:16:27 The Storage spec has a concept of sheds and shelves which would relate to the partitioning: https://storage.spec.whatwg.org/#storage-shelves 16:16:45 Buckets explicitly already operate at a granularity beneath those. 16:16:54 expiry: guarantee is that data is inaccessible after expiration 16:17:04 it won't be retrievable when storage pressure occurs 16:17:15 does proposal introduce expiry for storage? 16:17:26 part of the option, but not a required option 16:17:39 if you don't state an expiry, it's in memory only? 16:17:48 should've been there from the start 16:18:13 on cookies: when starting buckets, tackled quota managed storage 16:18:30 cookies: synchronous API, etc. each browser has a small fixed amount of quota 16:18:37 does everything hang off of buckets? yes 16:18:45 will it happen in the next few years? unlikely 16:18:50 with proposal, starting with small steps 16:19:00 fix problems, and iterate 16:19:26 cookies are special... wondering if allowing sites to somehow tell the browser to delete cookies, and keeping some, e.g. login cookies 16:19:36 partitioning: partitioned+ storage buckets? 16:19:56 talking to folks in Google who are more familiar. following options, not ready for scrutiny 16:20:15 looking at 1P contexts first, 3P later 16:20:29 probably more specs/explainers in addition later to this proposal 16:20:46 shelves and buckets are already explicit. partitioning is already answered by the spec 16:20:53 depends on how CG interacts 16:21:00 this explainer does not change any of how that works 16:21:16 q? 16:21:35 zakim, ack next 16:21:36 I see AramZS, muodov on the speaker queue 16:22:07 AramZS has joined #storage-buckets 16:22:07 unaware of this until this week. no time to consume in full, but appreciate the problems this is trying to solve 16:22:22 q- 16:22:26 eviction of a whole origin? carefully designed, but hand-wavy and not good data on this 16:22:31 no aspect seems great 16:22:55 earlier this year webkit made changes to eviction policy. due to privacy, good explanation 16:23:05 but people reacted based on misunderstanding on how it works in other browsers 16:23:13 opened an issue on chrome 16:23:25 use low-end device for 5 years 16:23:30 things get evicted all the time 16:23:48 no discussion about that and what that means to your ability to have cache 16:23:59 know of efforts to collect data on how often eviction happens? 16:24:00 Our latest attempt at documenting some of this behavior: https://web.dev/storage-for-the-web/ 16:24:17 we do collect eviction data 16:24:27 (we): Chrome 16:24:40 could make it more clear around evictions to incentivize sites to use storage 16:24:52 good suggestion. hard to define what the rules would be 16:25:00 could eviction data be published? 16:25:25 based on UA? what's the policy around this? 16:25:51 related to explainer: let developers give more preferences on how data should be evicted 16:26:23 until recently, how eviction works was not a well understood process 16:26:32 we now have a better understanding of all the cases 16:26:53 we have published an article that explains what we do and what other browsers do 16:26:55 q+ 16:26:59 https://web.dev/storage-for-the-web/ 16:27:06 we have metrics and we'll see what we can release 16:27:13 (we): Chrome 16:27:28 goals focusing on prioritization, could segment by users 16:27:38 offering new features around storage... expiry 16:27:46 zhaoz_google has joined #storage-buckets 16:27:57 some users have to use it forregulatory reasons 16:28:02 zakim, q? 16:28:02 I see AramZS, muodov on the speaker queue 16:28:11 zakim, ack next 16:28:12 I see muodov on the speaker queue 16:28:20 aram: Eng Director at WaPo 16:28:31 incentive to evict data less? 16:28:37 privacy focused browsers come to mind 16:28:50 what's the incentive to the UA not to evict to be more private? 16:28:57 (or to evict?) 16:29:13 what incentive can i give to a browser to not evict some data because it isn't privacy sensitive? 16:29:39 still figuring out what it means RE: 3P storage 16:29:55 complicated space, lots of options, nothing useful to say at this point 16:30:03 asuth: won't impact privacy behavior at all 16:30:10 clearing origin clears everything about this origin 16:30:19 exiting the session? it's all going to get cleared 16:30:28 this is just giving options surrounding eviction options 16:30:37 LRU? evicted 16:30:57 movie-watching site a kid watches every day, will let browser evict data that's already used 16:31:08 i.e. FMV data 16:31:18 q+ 16:31:28 exposing more granular things to user: delete some data, and not other stuff... delete data but not UI 16:31:53 storage gets cleared for a few reasons: 1) user clearing browsing data, proposal has no effect on that 16:31:58 will clear all buckets 16:32:06 could be more options there? not yet 16:32:13 2) under storage pressure, disk is getting full 16:32:17 this proposal applies 16:32:22 opted in by the site 16:32:29 default behavior is that under pressure, all data is wiped 16:32:43 if a user is clearing data for privacy reasons, all data will be cleared 16:32:50 zakim, q? 16:32:50 I see muodov, JohnWilander on the speaker queue 16:32:59 zakim, ack next 16:33:00 I see JohnWilander on the speaker queue 16:33:34 question: do you consider automatic expiration? how session storage automatically expires 16:33:41 or session cookies removed when browser is closed? 16:33:52 not currently in the explainer 16:33:57 it could be something we create an issue for 16:34:00 and consider use-cases 16:34:19 could add to the explainer after elaboration, perhaps 16:34:35 muodov: will elaborate 16:34:45 There is a storage spec issue on sesssion buckets already: https://github.com/whatwg/storage/issues/71 16:34:57 could be copied over in popups? 16:35:08 does the use-case rely on that? 16:35:20 popups: window.open, target=blank, etc 16:35:23 q+ 16:35:31 q++ 16:35:35 dynamically created subdomains, using sessionstorage to have some state 16:35:45 goes away when you close the tab 16:35:51 survives tab reload 16:36:11 would be very nice if it is possible to separate/partition storage 16:36:42 bkardell jumps the queue: company admits they don't care which tab a user is in. inability to sync data is a nightmare 16:36:48 q- 16:36:53 zakim, q? 16:36:53 I see JohnWilander, + on the speaker queue 16:36:56 zakim, ack next 16:36:57 I see + on the speaker queue 16:37:06 bkardell___: so it's quite specific, if the user opens two tabs independently they wouldn't share sessionStorage 16:37:14 bkardell___: and you'd have to use BroadcastChannel or some such 16:37:24 referring to functionality in Safari: deleting website data for domains 16:37:36 bkardell___: sessionStorage is only copied over from a starting tab to a new one opened from there 16:37:37 not because there's a lack of storage or user going through storage settings 16:37:46 part of privacy protection 16:37:56 maybe there's a way for buckets to inform this feature 16:38:04 s/admits they don't care/was adamant that it was necessary to reflect your 'session' in any tabs you were in, and they did open new windows. But also that was a nightmare. For whatever that is worth 16:38:10 data important for functionality, take that in consideration before clearing data 16:38:18 chrome lacks same-site cookies by default 16:38:26 same-site none: cookies i intend to use in a partitioned context 16:38:29 more likely to go away? 16:38:38 feature: clear all cookies that could be used in a 3P context 16:38:42 not an outlandish thought 16:38:52 could ever get to a good faith situation there? 16:39:02 where functionality in buckets wouldn't be misused to store tracking data 16:39:32 JohnWilander mentioning to muodev: sessionstorage similar, per-tab, per-session 16:39:36 sessionstorage is weird in other ways 16:39:40 ties to the tab not to the origin 16:39:47 should be revisited 16:39:53 muodev: that's what's missing 16:39:57 q? 16:40:01 q+ 16:40:08 zhaoz has joined #storage-buckets 16:40:09 q- + 16:40:28 storage buckets is an opportunity to fix several of the problematic things in earlier storage specs 16:40:41 aram: yes, exactly what was in mind 16:40:49 would not rely on the occurrence of this API right now 16:40:52 but hopeful 16:41:01 data not accessible to 3P, so don't clear 16:41:02 etc 16:41:20 data is protected, that makes it not accessible to 3P in a more dynamic way, so don't clear it 16:41:29 looking for ways to make it easier to retain a login for users 16:41:38 while respecting the choice of UA RE: privacy 16:41:41 and dynamic clearing for that reason 16:41:45 might not be the proposal 16:41:49 but might be a future proposal? 16:41:52 q? 16:41:53 zakim, q? 16:41:54 I see asuth on the speaker queue 16:42:10 zakim, ack next 16:42:11 I see no one on the speaker queue 16:42:18 durability? 16:42:42 sessionstorage, storage gets cleared, association with tab and cleared on shutdown 16:42:52 should there be a bucket that gets cleared on browser shutdown? 16:43:13 muodov: ideally, replicate sessionstorage, tied to tab 16:43:31 question more general: cookie. clearing when browser is shutdown? strange 16:43:50 question is more like: would we consider any type of automatic removal that's not defined by an expiration date 16:44:06 q+ JohnWilander 16:44:12 zakim, ack next 16:44:14 I see no one on the speaker queue 16:44:20 HTTP-only cookies? 16:44:25 protocol things, not JS 16:44:30 can't get to HTTP-only cookies 16:44:34 things goes towards what you want 16:44:48 want ability as a dev to say: this is my indexeddb. even if i run 3P code, they shouldn't get access to this 16:44:57 please consider this more isolated and not tainted... keep it around 16:45:06 aram: very interesting dimension 16:45:15 bucket we wish to be very isolated from any 3P 16:45:20 in exchange for that, store it longer? 16:45:25 could be passed by network request... 16:45:33 1P leaking deliberately to 3P, different use-case 16:45:36 q+ 16:45:45 could achieve the same by opening an iframe and never load 3P data there 16:45:52 "is logged in" very interesting idea 16:45:57 talking about a 3rd state 16:46:08 data stored and available to site, data evicted for whatever reason 16:46:14 in the middle, "is logged in", hiding data 16:46:29 some time has passed. UA hides data, keeps it around 16:46:32 e.g. email drafts 16:46:41 could find middle ground with "forever storage" 16:46:44 tied to user being logged in 16:46:51 zero_liu has joined #storage-buckets 16:46:58 q? 16:47:10 WaPo could be early devs/testers 16:47:16 lots of work right now, but after that 16:47:18 interested 16:47:29 zakim, ack next 16:47:30 I see no one on the speaker queue 16:47:31 this is very interesting, thank you for this session 16:47:37 please file github issues 16:47:40 to continue discussion 16:47:47 q+ 16:47:48 want more clarity and use-cases 16:47:55 this is the 1st version of this API 16:48:00 will iterate 16:48:19 zakim, ack next 16:48:20 I see no one on the speaker queue 16:48:25 q+ zero_liu 16:48:36 storage specs has endpoints 16:48:48 would imply that this requires File System Access 16:48:59 next-steps? one small point of confusion 16:49:10 scoping-wise: chrome indicated they were thinking of re-doing quota management 16:49:16 not dependent on free disk-space 16:49:30 if quota bucket storage is intended to be part of that change, or informative? 16:49:40 document how eviction works with quota management? 16:49:45 q? 16:49:56 answer: yes. would love help to write the spec to get it right 16:50:08 chrome around quota: don't consider free disk space anymore when computing quota 16:50:15 because of security issues discussed in the explainer 16:50:27 hoping buckets gives sites a way to explain how storage is structure 16:50:32 future: allocating and logging quota 16:50:39 firefox has some thoughts 16:50:46 should consider opinions together 16:50:59 doing some work there, good direction, shouldn't be a big feature bloat on the spec 16:51:09 explainer -> diffs on storage specs, do small steps 16:51:11 zakim, q? 16:51:11 I see zero_liu on the speaker queue 16:51:21 zakim, ack next 16:51:22 I see no one on the speaker queue 16:51:30 zero: on internal Google team 16:51:40 chrome and firefox: different models to grant permissions 16:51:47 popups vs implicit grant 16:52:00 will allow users to define and persist permissions in different buckets? 16:52:16 existing mechanisms from UAs? challenging for popup mechanism to deliver in this new world 16:52:21 want to hear from both Chrome and Firefox 16:52:30 any idea of unifying the grant process? 16:52:55 asuth: storage spec specifies a permission to get the ability to persist things 16:52:59 request persistence or not 16:53:08 browsers don't want to standardize UX on how that works 16:53:16 Firefox: an explicit prompt, no plans to change that 16:53:32 it's always difficult to provide informed consent to users when they're not under duress 16:53:36 chrome uses frecency 16:53:46 q+ to ask about where this spec will live 16:53:51 buckets allows firefox to provide more data to provide stronger things there 16:54:02 firefox as a UA: goal not to provide a contract to a site to never delete 16:54:12 it will be UA-biased. UI won't be standardized 16:54:28 in Chrome: no popups because there's no good way for users to make an informed decision 16:54:32 aligned on general idea 16:54:41 want buckets API to allow UA to make a per-bucket decision 16:54:54 in a future world, if you have a small bucket, persistence could be granted without any trouble 16:55:10 https://wicg.github.io/storage-buckets/explainer#introduction “This explainer proposes changes to the Storage Standard. 16:55:15 writing messaging client with encryption, keys could be stored in a bucket, and messages in another bucket that could be evicted 16:55:26 similar to Firefox: persistence does not override users' will 16:55:51 might show warning: hey developer, you thought this was important before, etc 16:55:55 but won't block on deleting 16:56:03 q? 16:56:10 zakim, ack next 16:56:11 MikeSmith, you wanted to ask about where this spec will live 16:56:11 I see no one on the speaker queue 16:56:20 MikeSmith from w3c in tokyo 16:56:34 plan for spec to live wholly within storage standard? or to have something else in addition to that? 16:56:45 would be in storage spec 16:56:48 to have buckets entirely 16:57:27 yes, thank you! 16:57:41 asuth: thanks for working on this 16:58:05 please create issues and keep discussing 16:58:10 everyone: Please let's continue the discussion on GitHub issues! 16:58:11 zakim, stop this meeting 16:58:11 I don't understand 'stop this meeting', oyiptong 16:58:18 zakim, stop meeting 16:58:18 I don't understand 'stop meeting', oyiptong 16:58:41 zakim, end this meeting 16:58:41 As of this point the attendees have been oyiptong, Ayu, Ishii, (Google), Andrew, Sutherland, Mek, lgombos___, Joshua, Bell, Francois_Daoust, Victor, Costan, JohnWilander, AramZS 16:58:44 RRSAgent, please draft minutes v2 16:58:44 I have made the request to generate https://www.w3.org/2020/10/29-storage-buckets-minutes.html Zakim 16:58:47 I am happy to have been of service, oyiptong; please remember to excuse RRSAgent. Goodbye 16:58:51 Zakim has left #storage-buckets 16:59:26 rssagent, excuse us 17:00:29 rssagent, leave 17:00:39 RRSAgent, leave 17:00:39 I see no action items