Can web apps leverage First Party Sets for their app scope?

[alancutter]

Web apps are sites that can be installed on a user's device appearing similar to a native app. As a safety mechanism the user the user agent shows warning UI when they navigate outside of the app's URL scope while in a web app window.

Example: Navigating to https://google.com in the Twitter web app.

Currently a web app's URL scope is tied to a single origin which is a problem for sites that span multiple origins. There is an existing effort to extend web app scopes multi origin via a scope_extensions manifest field.

Do you think First Party Sets could serve the web app multi origin scope use case and dedup much of this effort?

[krgovind]

Thanks for the idea, @alancutter. This sounds similar to the proposal in #46, could you confirm? If yes, may we continue the discussion on that issue?

[alancutter]

That's on a specific concern with integrating the two, I would like to get thoughts on the high level idea of whether they are overlapping.

My current read of it (in discussion with @mgiuca) is that First Party Sets is highly concerned about data sharing between origins because of the risk of internet wide user tracking. To mitigate this risk FPS is going to use a curated global list of internet properties to limit sets of origins from sprawling out of control.

For web app scope_extensions the multi origin associations will not facilitate data sharing and doesn't come with the same tracking risks, just different UX treatment. For this reason it is okay for scope_extensions to not use a centralised list and instead allow origins to mutually associated each other via web-app-origin-association.json files.

Does this high level take sound reasonable?