Rely upon FedCM as a trust signal for storage access, rather than modifying requestStorageAccess

[bvandersloot-mozilla]

No description provided.

[bvandersloot-mozilla]

Actually, I don't think the connected accounts set makes sense as a trust signal for this Credential, since it can be stored and collected. This permits finer control over where storage access can be granted.

The key thing I think should be preserved here is whether or not the domain is preventing silent access. If a site goes out of its way to call navigator.credentials.preventSilentAccess(), then we shouldn't be using things from the credential store without a dialog.

We could add that as a constraint to the proposal from Google: https://github.com/explainers-by-googlers/storage-access-for-fedcm

or we could match that explainer to this syntax.

@johannhof - this was really your issue - thoughts?

[johannhof]

That makes sense to me, I think. I filed the issue above to track this.

[bvandersloot-mozilla]

I think this is resolved, but leaving open until we discuss in the CG.