Shivani Sharma

> > It's only to transistion from no-cookie to the unpartitioned cookie. Network cache and service worker are good points. I don't see how they can be used for exfiltration...

> I'm curious if perhaps an additional cookie attribute (or a variant of `SameSite` attribute) could help. So `paymentmethod.com` in a 1P context could return a response with `Set-Cookie: ...;...

cc @igrigorik

@madmath Thanks for the response! > The issue I was raising before is that your State One has no cookie access for the resource fetch, so `HttpOnly` cookie set in...

> I think there's still a bit of drift in what we're saying. I would want the PII to only be made available in the fenced frame, and not available...

Another question... > > I'm using the term "bundle" as either cookie, service worker "offline" cache, web bundle, ... > Is having the user's data as well as the html...

more than cached network requests I meant the document and subresources would be part of a web bundle and that web bundle can be refreshed e.g. when the user visits...

@igrigorik @madmath I wanted to clarify the behavior that a fenced-frames based button would have on user click. To reiterate, for privacy, no information from the cookie can flow out...

Hey all, In terms of an update: Now that the fenced frames initial mode (supporting Protected Audience and Shared Storage) is getting ready to ship [(Intent to ship)](https://groups.google.com/a/chromium.org/g/blink-dev/c/tpw8wW0VenQ), the team...

> Is the thinking that this overlay would be somehow in-built in this feature? I'm trying to wrap my head around how the unrestricted Shared Storage data is caged in...