Add permissions policies and remove worker support

README.md

@@ -303,6 +303,18 @@ Another way in which this API might enhance the web's fingerprinting surface is
 
 Finally, we intend to prohibit (in the specification) any use of user-specific information in producing the results. For example, it would not be permissible to fine-tune the translation model based on information the user has entered into the browser in the past.
 
+### Permissions policy, iframes, and workers
+
+By default, these APIs are only available to top-level `Window`s, and to their same-origin iframes. Access to the APIs can be delegated to cross-origin iframes using the [Permissions Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy) `allow=""` attribute:
+
+```html
+<iframe src="https://example.com/" allow="translator language-detector"></iframe>
+```
+
+These APIs are currently not available in workers, due to the complexity of establishing a responsible document for each worker in order to check the permissions policy status. See [this discussion](https://github.com/webmachinelearning/translation-api/issues/18#issuecomment-2705630392) for more. It may be possible to loosen this restriction over time, if use cases arise.
+
+Note that although the APIs are not exposed to web platform workers, a browser could expose them to extension service workers, which are outside the scope of web platform specifications and have a different permissions model.
+
 ## Alternatives considered and under consideration
 
 ### Streaming input support

index.bs

@@ -41,7 +41,7 @@ For now, see the [explainer](https://github.com/webmachinelearning/translation-a
 <h2 id="translator-api">The translator API</h2>
 
 <xmp class="idl">
-[Exposed=(Window,Worker), SecureContext]
+[Exposed=Window, SecureContext]
 interface Translator {
   static Promise<Translator> create(TranslatorCreateOptions options);
   static Promise<Availability> availability(TranslatorCreateCoreOptions options);
@@ -86,7 +86,7 @@ dictionary TranslatorTranslateOptions {
 <div algorithm>
   The static <dfn method for="Translator">create(|options|)</dfn> method steps are:
 
-  1. Return the result of [=creating an AI model object=] given |options|, [=validate and canonicalize translator options=], [=compute translator options availability=], [=download the translation model=], [=initialize the translation model=], and [=create the translator object=].
+  1. Return the result of [=creating an AI model object=] given |options|, "{{translator}}", [=validate and canonicalize translator options=], [=compute translator options availability=], [=download the translation model=], [=initialize the translation model=], and [=create the translator object=].
 </div>
 
 <div algorithm>
@@ -151,7 +151,7 @@ dictionary TranslatorTranslateOptions {
 <div algorithm>
   The static <dfn method for="Translator">availability(|options|)</dfn> method steps are:
 
-  1. Return the result of [=computing AI model availability=] given |options|, [=validate and canonicalize translator options=], and [=compute translator options availability=].
+  1. Return the result of [=computing AI model availability=] given |options|, "{{translator}}", [=validate and canonicalize translator options=], and [=compute translator options availability=].
 </div>
 
 <div algorithm>
@@ -451,10 +451,14 @@ When translation fails, the following possible reasons may be surfaced to the we
 
 <p class="note">This table does not give the complete list of exceptions that can be surfaced by the translator API. It only contains those which can come from certain [=implementation-defined=] steps.
 
+<h3 id="translator-permissions-policy">Permissions policy integration</h3>
+
+Access to the translator API is gated behind the [=policy-controlled feature=] "<dfn permission>translator</dfn>", which has a [=policy-controlled feature/default allowlist=] of <code>[=default allowlist/'self'=]</code>.
+
 <h2 id="language-detector-api">The language detector API</h2>
 
 <xmp class="idl">
-[Exposed=(Window,Worker), SecureContext]
+[Exposed=Window, SecureContext]
 interface LanguageDetector {
   Promise<LanguageDetector> create(
     optional LanguageDetectorCreateOptions options = {}
@@ -502,7 +506,7 @@ dictionary LanguageDetectionResult {
 <div algorithm>
   The static <dfn method for="LanguageDetector">create(|options|)</dfn> method steps are:
 
-  1. Return the result of [=creating an AI model object=] given |options|, [=validate and canonicalize language detector options=], [=compute language detector options availability=], [=download the language detector model=], [=initialize the language detector model=], and [=create the language detector object=].
+  1. Return the result of [=creating an AI model object=] given |options|, "{{language-detector}}", [=validate and canonicalize language detector options=], [=compute language detector options availability=], [=download the language detector model=], [=initialize the language detector model=], and [=create the language detector object=].
 </div>
 
 <div algorithm>
@@ -562,7 +566,7 @@ dictionary LanguageDetectionResult {
 <div algorithm>
   The static <dfn method for="LanguageDetector">availability(|options|)</dfn> method steps are:
 
-  1. Return the result of [=computing AI model availability=] given |options|, [=validate and canonicalize language detector options=], and [=compute language detector options availability=].
+  1. Return the result of [=computing AI model availability=] given |options|, "{{language-detector}}", [=validate and canonicalize language detector options=], and [=compute language detector options availability=].
 </div>
 
 <!-- TODO: consider deduping this with writing assistance APIs, as it's very similar. (Not similar to translator though!) -->
@@ -784,3 +788,7 @@ When language detection fails, the following possible reasons may be surfaced to
 </table>
 
 <p class="note">This table does not give the complete list of exceptions that can be surfaced by the language detector API. It only contains those which can come from certain [=implementation-defined=] steps.
+
+<h3 id="language-detector-permissions-policy">Permissions policy integration</h3>
+
+Access to the language detector API is gated behind the [=policy-controlled feature=] "<dfn permission>language-detector</dfn>", which has a [=policy-controlled feature/default allowlist=] of <code>[=default allowlist/'self'=]</code>.

security-privacy-questionnaire.md

@@ -67,9 +67,9 @@ None.
 > 13.  How does this specification distinguish between behavior in first-party and
 >      third-party contexts?
 
-We are not yet sure. Our default course of action is to give the same capabilities to both first- and third-party contexts. It is easy to imagine use cases where this could be useful, e.g. a third party customer-support widget that provides translation functionality.
+We use permissions policy to disallow the usage of these features by default in third-party (cross-origin) contexts. However, the top-level site can delegate to cross-origin iframes.
 
-However, it seems likely that some of the mitigations for the [anti-fingerprinting considerations](./README.md#privacy-considerations) will require some sort of distinction between first- and third-party contexts. For example, partitioning download status, or only using the top-level site's detected language, or similar.
+It's also possible that the [anti-fingerprinting considerations](./README.md#privacy-considerations) will require some sort of distinction between first- and third-party contexts. For example, partitioning download status, or only using the top-level site's detected language, or similar.
 
 > 14.  How do the features in this specification work in the context of a browser’s
 >      Private Browsing or Incognito mode?