diff --git a/README.md b/README.md
index 25fbf60..4971850 100644
--- a/README.md
+++ b/README.md
@@ -303,6 +303,18 @@ Another way in which this API might enhance the web's fingerprinting surface is
Finally, we intend to prohibit (in the specification) any use of user-specific information in producing the results. For example, it would not be permissible to fine-tune the translation model based on information the user has entered into the browser in the past.
+### Permissions policy, iframes, and workers
+
+By default, these APIs are only available to top-level `Window`s, and to their same-origin iframes. Access to the APIs can be delegated to cross-origin iframes using the [Permissions Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy) `allow=""` attribute:
+
+```html
+
+```
+
+These APIs are currently not available in workers, due to the complexity of establishing a responsible document for each worker in order to check the permissions policy status. See [this discussion](https://github.com/webmachinelearning/translation-api/issues/18#issuecomment-2705630392) for more. It may be possible to loosen this restriction over time, if use cases arise.
+
+Note that although the APIs are not exposed to web platform workers, a browser could expose them to extension service workers, which are outside the scope of web platform specifications and have a different permissions model.
+
## Alternatives considered and under consideration
### Streaming input support
diff --git a/index.bs b/index.bs
index cd354e8..42ede48 100644
--- a/index.bs
+++ b/index.bs
@@ -41,7 +41,7 @@ For now, see the [explainer](https://github.com/webmachinelearning/translation-a
The translator API
<![CDATA[
-[Exposed=(Window,Worker), SecureContext]
+[Exposed=Window, SecureContext]
interface Translator {
static Promise<Translator> create(TranslatorCreateOptions options);
static Promise<Availability> availability(TranslatorCreateCoreOptions options);
@@ -86,7 +86,7 @@ dictionary TranslatorTranslateOptions {
<div algorithm>
The static <dfn method for="Translator">create(|options|)</dfn> method steps are:
- 1. Return the result of [=creating an AI model object=] given |options|, [=validate and canonicalize translator options=], [=compute translator options availability=], [=download the translation model=], [=initialize the translation model=], and [=create the translator object=].
+ 1. Return the result of [=creating an AI model object=] given |options|, "{{translator}}", [=validate and canonicalize translator options=], [=compute translator options availability=], [=download the translation model=], [=initialize the translation model=], and [=create the translator object=].
</div>
<div algorithm>
@@ -151,7 +151,7 @@ dictionary TranslatorTranslateOptions {
<div algorithm>
The static <dfn method for="Translator">availability(|options|)</dfn> method steps are:
- 1. Return the result of [=computing AI model availability=] given |options|, [=validate and canonicalize translator options=], and [=compute translator options availability=].
+ 1. Return the result of [=computing AI model availability=] given |options|, "{{translator}}", [=validate and canonicalize translator options=], and [=compute translator options availability=].
</div>
<div algorithm>
@@ -451,10 +451,14 @@ When translation fails, the following possible reasons may be surfaced to the we
<p class="note">This table does not give the complete list of exceptions that can be surfaced by the translator API. It only contains those which can come from certain [=implementation-defined=] steps.
+<h3 id="translator-permissions-policy">Permissions policy integration</h3>
+
+Access to the translator API is gated behind the [=policy-controlled feature=] "<dfn permission>translator</dfn>", which has a [=policy-controlled feature/default allowlist=] of <code>[=default allowlist/'self'=]</code>.
+
<h2 id="language-detector-api">The language detector API</h2>
<xmp class="idl">
-[Exposed=(Window,Worker), SecureContext]
+[Exposed=Window, SecureContext]
interface LanguageDetector {
Promise<LanguageDetector> create(
optional LanguageDetectorCreateOptions options = {}
@@ -502,7 +506,7 @@ dictionary LanguageDetectionResult {
<div algorithm>
The static <dfn method for="LanguageDetector">create(|options|)</dfn> method steps are:
- 1. Return the result of [=creating an AI model object=] given |options|, [=validate and canonicalize language detector options=], [=compute language detector options availability=], [=download the language detector model=], [=initialize the language detector model=], and [=create the language detector object=].
+ 1. Return the result of [=creating an AI model object=] given |options|, "{{language-detector}}", [=validate and canonicalize language detector options=], [=compute language detector options availability=], [=download the language detector model=], [=initialize the language detector model=], and [=create the language detector object=].
</div>
<div algorithm>
@@ -562,7 +566,7 @@ dictionary LanguageDetectionResult {
<div algorithm>
The static <dfn method for="LanguageDetector">availability(|options|)</dfn> method steps are:
- 1. Return the result of [=computing AI model availability=] given |options|, [=validate and canonicalize language detector options=], and [=compute language detector options availability=].
+ 1. Return the result of [=computing AI model availability=] given |options|, "{{language-detector}}", [=validate and canonicalize language detector options=], and [=compute language detector options availability=].
</div>
<!-- TODO: consider deduping this with writing assistance APIs, as it's very similar. (Not similar to translator though!) -->
@@ -784,3 +788,7 @@ When language detection fails, the following possible reasons may be surfaced to
</table>
<p class="note">This table does not give the complete list of exceptions that can be surfaced by the language detector API. It only contains those which can come from certain [=implementation-defined=] steps.
+
+<h3 id="language-detector-permissions-policy">Permissions policy integration</h3>
+
+Access to the language detector API is gated behind the [=policy-controlled feature=] "<dfn permission>language-detector</dfn>", which has a [=policy-controlled feature/default allowlist=] of <code>[=default allowlist/'self'=]</code>.
diff --git a/security-privacy-questionnaire.md b/security-privacy-questionnaire.md
index 6e99167..b12ab59 100644
--- a/security-privacy-questionnaire.md
+++ b/security-privacy-questionnaire.md
@@ -67,9 +67,9 @@ None.
> 13. How does this specification distinguish between behavior in first-party and
> third-party contexts?
-We are not yet sure. Our default course of action is to give the same capabilities to both first- and third-party contexts. It is easy to imagine use cases where this could be useful, e.g. a third party customer-support widget that provides translation functionality.
+We use permissions policy to disallow the usage of these features by default in third-party (cross-origin) contexts. However, the top-level site can delegate to cross-origin iframes.
-However, it seems likely that some of the mitigations for the [anti-fingerprinting considerations](./README.md#privacy-considerations) will require some sort of distinction between first- and third-party contexts. For example, partitioning download status, or only using the top-level site's detected language, or similar.
+It's also possible that the [anti-fingerprinting considerations](./README.md#privacy-considerations) will require some sort of distinction between first- and third-party contexts. For example, partitioning download status, or only using the top-level site's detected language, or similar.
> 14. How do the features in this specification work in the context of a browser’s
> Private Browsing or Incognito mode?
]]>