I'd like to ask WebKit leads for their stance on the Permissions-Policy header (https://www.chromestatus.com/feature/5745992911552512)

Permissions Policy is the new (since https://github.com/w3c/webappsec-permissions-policy/issues/359) name for Feature Policy, and the Permissions-Policy header is part of that spec.

WebKit has supported Feature Policy through the <iframe allow> attribute for some time, and the header has been designed to augment that functionality, by allowing sites to control which origins should never be granted use of powerful features. (Previously, the Feature-Policy header could be used to implicitly *grant* that delegation, rather than blocking it; that has been changed in response to developer feedback)

I'm happy to discuss this in any forum, if folks have questions.

Thanks!

Ian

Other references:

 Spec: https://w3c.github.io/webappsec-permissions-policy/

 Tag review: https://github.com/w3ctag/design-reviews/issues/341

 Original intent to prototype in Blink: https://groups.google.com/a/chromium.org/d/msg/blink-dev/As1ABvc2QdA/yZSpPXY4CAAJ