Commit
Support workers in privacy algos
kenchris committed Oct 10, 2023
1 parent 3965ad2 commit aac2c45
Showing 1 changed file with 126 additions and 60 deletions.
186 changes: 126 additions & 60 deletions index.html
Expand Up @@ -889,67 +889,133 @@ <h3>Supporting algorithms</h3>
</li>
</ul>
</aside>
The <dfn>passes privacy test</dfn> steps given the argument |observer:PressureObserver| and
its [=relevant global object=] |relevantGlobal|, are as follows:
<ol>
<li>
If |relevantGlobal| is a {{WorkerGlobalScope}} object:
<ol>
<li>
If |relevantGlobal|'s relevant worker is not a <a href="https://html.spec.whatwg.org/multipage/workers.html#active-needed-worker">
active needed worker</a>, return false.
</li>
<li>
Otherwise, return true.
</li>
</ol>
</li>
<li>
If |relevantGlobal| is a {{Window}} object:
<ol>
<li>
<p>
To determine the <dfn>owning global object</dfn> for a {{DedicatedWorkerGlobalScope}} |workerGlobalScope|:
<ol>
<li>
If |workerGlobalScope|'s [=WorkerGlobalScope/owner set=] consists of a single {{Document}} |document|,
then return |document|'s [=relevant global object=].
</li>
<li>
If |workerGlobalScope|'s [=WorkerGlobalScope/owner set=] consists of a single {{DedicatedWorkerGlobalScope}}
|parentWorkerGlobalScope|, then return |parentWorkerGlobalScope|'s [=owning global object=].
</li>
<li>
Return null.
</li>
</ol>
<aside class="note">
A {{DedicatedWorkerGlobalScope}}'s [=WorkerGlobalScope/owner set=] will always have exactly one item.
</aside>
</p>
<p>
The <dfn>passes window privacy test</dfn> steps given the argument |observer:PressureObserver| and
its [=relevant global object=] |relevantGlobal|, are as follows:
<ol>
<li>
Assert: |relevantGlobal| is a {{Window}} object.
</li>
<li>
If |relevantGlobal|'s [=associated document=] is not [=Document/fully active=], return false.
</li>
<li>
[=list/For each=] |origin| in
<a href="https://w3c.github.io/picture-in-picture/#initiators-of-active-picture-in-picture-sessions">
initiators of active Picture-in-Picture sessions</a>:
<ol>
<li>
If |relevantGlobal|'s [=relevant settings object=]'s [=origin=] is [=same origin=] with |origin|, return true.
</li>
</ol>
</li>
<li>
If |relevantGlobal|'s [=browsing context=] is [=context is capturing|capturing=], return true.
</li>
<li>
Let |topLevelBC| be |relevantGlobal|'s [=browsing context=]'s [=top-level browsing context=].
</li>
<li>
If |topLevelBC| does not have [=top-level traversable/system focus=], return false.
</li>
<li>
Let |focusedDocument| be the |topLevelBC|'s
<a href="https://html.spec.whatwg.org/multipage/interaction.html#currently-focused-area-of-a-top-level-browsing-context">
currently focused area</a>'s [=Node/node document=].
</li>
<li>
If |relevantGlobal|'s [=relevant settings object=]'s [=origin=] is [=same origin=] with
|focusedDocument|'s [=origin=], return true.
</li>
<li>
Otherwise, return false.
</li>
</ol>
</li>
</ol>
<aside class="note">
As there might be multiple observers, each with a different [=requested sampling rate=], the underlying
[=platform collector=] will need to use a [=sampling rate=] that fulfills all these requirements. This also
means that not every data sample from the [=platform collector=] needs to be delivered to each active
observer.
</aside>
</li>
<li>
[=list/For each=] |origin| in
<a href="https://w3c.github.io/picture-in-picture/#initiators-of-active-picture-in-picture-sessions">
initiators of active Picture-in-Picture sessions</a>:
<ol>
<li>
If |relevantGlobal|'s [=relevant settings object=]'s [=origin=] is [=same origin=] with |origin|, return true.
</li>
</ol>
</li>
<li>
If |relevantGlobal|'s [=browsing context=] is [=context is capturing|capturing=], return true.
</li>
<li>
Let |topLevelBC| be |relevantGlobal|'s [=browsing context=]'s [=top-level browsing context=].
</li>
<li>
If |topLevelBC| does not have [=top-level traversable/system focus=], return false.
</li>
<li>
Let |focusedDocument| be the |topLevelBC|'s
<a href="https://html.spec.whatwg.org/multipage/interaction.html#currently-focused-area-of-a-top-level-browsing-context">
currently focused area</a>'s [=Node/node document=].
</li>
<li>
If |relevantGlobal|'s [=relevant settings object=]'s [=origin=] is [=same origin=] with
|focusedDocument|'s [=origin=], return true.
</li>
<li>
Otherwise, return false.
</li>
</ol>
</p>
<p>
The <dfn>passes privacy test</dfn> steps given the argument |observer:PressureObserver| and
its [=relevant global object=] |relevantGlobal|, are as follows:
<ol>
<li>
If |relevantGlobal| is a {{WorkerGlobalScope}} object:
<ol>
<li>
If |relevantGlobal|'s relevant worker is not a <a href="https://html.spec.whatwg.org/multipage/workers.html#active-needed-worker">
active needed worker</a>, return false.
</li>
<li>
If |relevantGlobal| is a {{DedicatedWorkerGlobalScope}} object:
<ol>
<li>
Let |ownerGlobal| be |relevantGlobal|'s [=owning global object=].
</li>
<li>
Assert: |ownerGlobal| is not null.
</li>
<li>

arskama Oct 10, 2023

Contributor

Should we cover the case of nested dedicated workers?
A dedicated worker can in principle spawn another dedicated worker.

So we would need to have a loop checking until the top owner is a Document.

kenchris Oct 10, 2023

Author Contributor

That case is handled by the recursive sub algo

arskama Oct 10, 2023

Contributor

yes, sorry I missed that

kenchris Oct 10, 2023

Author Contributor

It's "owning global object" steps

Return the result of running [=passes window privacy test=] with |observer| and |ownerGlobal|.
</li>
</ol>
</li>
<li>
If |relevantGlobal| is a {{SharedWorkerGlobalScope}} object:
<ol>
<li>
[=list/For each=] |owner| in |relevantGlobal|'s [=WorkerGlobalScope/owner set=]:
<ol>
<li>
Assert: |owner| is {{Document}}.
</li>
<li>
If the result of running [=passes window privacy test=] with |observer| and |owner|'s
[=relevant global object=] is true, return true, or else [=iteration/continue=].
</li>
</ol>
<li>
Return false.
</li>
</li>
</ol>
</li>
</ol>
</li>
<li>
If |relevantGlobal| is not a {{Window}} object, return false.
</li>
<li>
Return the result of running [=passes window privacy test=] with |observer| and |relevantGlobal|.
</li>
</ol>
<aside class="note">
{{SharedWorkerGlobalScope}} is only exposed to the {{Window}} object, so shared workers
can only be created in this scope, which means that all owners will be {{Document}} objects.
</aside>
<aside class="note">
As there might be multiple observers, each with a different [=requested sampling rate=], the underlying
[=platform collector=] will need to use a [=sampling rate=] that fulfills all these requirements. This also
means that not every data sample from the [=platform collector=] needs to be delivered to each active
observer.
</aside>
</p>
The <dfn>passes rate test</dfn> steps given the argument |observer:PressureObserver|,
|source:PressureSource| and |timestamp:DOMHighResTimeStamp|, are as follows:
<ol>
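Review bot: The new "passes window privacy test" still introduces |relevantGlobal| as the observer's [=relevant global object=], but the worker branches of "passes privacy test" call it with |ownerGlobal| and with |owner|'s [=relevant global object=], neither of which is the observer's own global, and the steps never read |observer|. Consider declaring the parameter as a plain {{Window}} argument (dropping |observer| if it stays unused) so that "Assert: |relevantGlobal| is a {{Window}} object" describes what callers actually pass. In the {{SharedWorkerGlobalScope}} branch, the "Return false." item opens its <li> before the "For each |owner|" item is closed, so it ends up nested inside that item instead of following it as its own step; close the "For each" item first. The shared-worker rule returns true as soon as any one owner document passes the window test, which deserves a sentence in the accompanying note saying that this is intended, since it decides whether a worker shared with a non-focused document keeps receiving samples.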

0 comments on commit aac2c45
