Use SecureContext attribute for IDL of Credential Mgmt API

Use SecureContext attribute for IDL of Credential Mgmt API

This reflects the change to the Credential Management API here
https://github.com/w3c/webappsec-credential-management/pull/55/files/a58d0ba3a4a53c53fa1f469fd8ebab5afc18e355

BUG=400674

[battre, 2017-01-16 18:02:50]

The CQ bit was checked by battre@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-16 18:03:01]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[battre, 2017-01-16 18:05:34]

The CQ bit was checked by battre@chromium.org to run a CQ dry run

[battre, 2017-01-16 18:05:47]

battre@chromium.org changed reviewers:
+ mkwst@chromium.org

[battre, 2017-01-16 18:05:48]

Hi Mike,

could you please take a look at this CL?

I tried checking that 
new PasswordCredential({
    id: 'id',
    password: 'pencil',
    name: 'name',
    iconURL: 'https://example.com/icon.png'
});
throws an exception when called in an insecure context but that is not
happening. Any idea why?

[commit-bot: I haz the power, 2017-01-16 18:05:51]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-16 19:30:02]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-16 19:30:03]

Dry run: This issue passed the CQ dry run.

[battre, 2017-01-23 09:35:30]

Friendly ping @mkwst. Could you please take a look? Thanks.

[battre, 2017-01-23 10:35:27]

battre@chromium.org changed reviewers:
+ peria@chromium.org

[battre, 2017-01-23 10:35:28]

+peria to comment on my question here
https://codereview.chromium.org/2634923003/#msg5

[peria, 2017-01-23 10:46:30]

peria@chromium.org changed reviewers:
+ yukishiino@chromium.org

[peria, 2017-01-23 10:46:31]

I'm sorry, I'm not an expert of SecureContext's behavior.
Yuki (+ in R) may have some idea.

[Yuki, 2017-01-24 14:19:41]

As far as I checked, [SecureContext] is not correctly implemented for
interfaces.  Interfaces are exposed regardless of [SecureContext].

mkwst@ is the implementor of [SecureContext].  I think it's best to consult with
them.

[Mike West, 2017-01-25 10:54:53]

1. I think this is a good change, but as it alters the web-visible effects of
APIs, it will need to go through the process defined at
https://www.chromium.org/blink/launching-features. It's tiny, so "Intent to
Implement and Ship" is probably the right approach.

2. I stopped working on `[SecureContext]` because esprehn@ had concerns about
the performance impact of `[OriginTrial]`, which the implementation was closely
following. yukishiino@, do you know whether those concerns been resolved? If so,
I can take another look at this attribute's implementation.

On 2017/01/24 at 14:19:41, yukishiino wrote:
> As far as I checked, [SecureContext] is not correctly implemented for
interfaces.  Interfaces are exposed regardless of [SecureContext].
> 
> mkwst@ is the implementor of [SecureContext].  I think it's best to consult
with them.

[Yuki, 2017-01-26 06:23:19]

Description was changed from

==========
Use SecureContext attribute for IDL of Credential Mgmt API

This reflects the change to the Credential Management API here
https://github.com/w3c/webappsec-credential-management/pull/55/files/a58d0ba3...

BUG=400674
==========

to

==========
Use SecureContext attribute for IDL of Credential Mgmt API

This reflects the change to the Credential Management API here
https://github.com/w3c/webappsec-credential-management/pull/55/files/a58d0ba3...

BUG=400674
==========

[Yuki, 2017-01-26 06:25:47]

On 2017/01/25 10:54:53, Mike West (sloooooow) wrote:
> 2. I stopped working on `[SecureContext]` because esprehn@ had concerns about
> the performance impact of `[OriginTrial]`, which the implementation was
closely
> following. yukishiino@, do you know whether those concerns been resolved? If
so,
> I can take another look at this attribute's implementation.

I didn't know (or remember) the concern on the performance, including if it's
resolved or not.  +cc: iclelland@ who is actively working on [OriginTrial].  I
guess it's okay now?

[iclelland, 2017-01-26 13:54:07]

On 2017/01/26 06:25:47, Yuki wrote:
> On 2017/01/25 10:54:53, Mike West (sloooooow) wrote:
> > 2. I stopped working on `[SecureContext]` because esprehn@ had concerns
about
> > the performance impact of `[OriginTrial]`, which the implementation was
> closely
> > following. yukishiino@, do you know whether those concerns been resolved? If
> so,
> > I can take another look at this attribute's implementation.
> 
> I didn't know (or remember) the concern on the performance, including if it's
> resolved or not.  +cc: iclelland@ who is actively working on [OriginTrial].  I
> guess it's okay now?

[OriginTrial] is much more performant now -- there is still a small bit of
overhead to attach properties to objects, but I don't think it's much more than
just installing them unconditionally.

The key thing is that we now do it when the prototype for the object is first
accessed, by hooking into constructorForType, rather than eagerly instantiating
things like Navigator on context creation.