Georg Koppen:
Hi all!
Below is the updated version taking the feedback I got so far into account. If you think it did not address the points you brought up, please say so (and do so as well in case new issues popped up since the first draft got sent).
We had quite some discussion about doing First Party Isolation (FPI) on top of the security slider. I think that idea is sufficiently complex that it merits an own proposal, especially as I still don't see how we can get it right. See bug 21034 for the context where at least one example is shown that the security provided by the slider gets actually worse with FPI. So, we seem to be in a situation that FPI both enhances and decreases the security benefits promised by the slider depending on the context and on users expectations which seems tricky to resolve.
After rethinking my example in #21034 I think I am not really convinced that it is a good one for showing that FPI makes things worse. Additionally, it seems to me the discussion we had so far about FPI for security settings seems to have shifted from having '"Safe", "Safer", and "Safest"'-per site (as in the bug) to "exceptions to Safer and Safest"-per site. That might be a useful distinction for the discussion of the slider and FPI.
Georg