Charlie Harrison

> I don't think the compat label is required here, as this is something we can easily change after shipping, and have no reason to believe would result in site...

Just to clarify (based on feedback from the 3/6 meeting), the cookie requirement we have on the API right now is intentional to ensure that the debug reports are not...

We have https://github.com/patcg/docs-and-reports/blob/main/design-dimensions/README.md but it is really high level i.e. it does not discuss at all things like API surface details, etc it focuses more on "design dimensions" / architectural...

Hey @logicad we are thinking of changing the event-report-window minimum to be 1 hour. I think that should fix this issue, is that right? https://github.com/WICG/attribution-reporting-api/pull/865

> with (a) I am not sure if it is true that default * requires all frames to opt-out if they don't want children to use the API. My understanding...

@jfggit yes that's my understanding (I agree it is kind of confusing). My guess is that most of the docs you read were implicitly assuming a default value of `"self"`,...

@jfggit I understand it is a large migration from the status-quo to use `allow-recursive`, but in the steady state I think most SSPs will be familiar with the API and...

> I am not sure this is correct. I believe, with default as '*', permissions-policy: attribution-reporting=() is sufficient to disable the feature for all nested frames. I made an example...

@jfggit that's true. I wonder @clelland if permissions policy ever considered making the top level headers "automatically" set the `allow` bits on iframes from an ergonomics POV?

> my biggest concern here is that an allow-recursive as described essentially silently changes the default allowlist to * at a point in the frame tree Any thoughts on how...