From b164fdda54c1289488b47a46136e6214f2fb221d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cjalonthomas=E2=80=9D?= <jalonthomas@google.com>
Date: Tue, 12 Aug 2025 14:09:46 -0400
Subject: [PATCH 1/4] Add embedding origin to set permission command

---
 index.html | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/index.html b/index.html
index ae14061..b945713 100644
--- a/index.html
+++ b/index.html
@@ -1235,15 +1235,21 @@ <h2 id="automation">
         <p>
           To <dfn data-for="WebDriver">set a permission</dfn> given a {{PermissionDescriptor}}
           |descriptor:PermissionDescriptor|, a {{PermissionState}} |state:PermissionState|, an
-          optional |origin|, and an optional |user agent|:
+          optional |origin|, an optional |embedding origin|, and an optional |user agent|:
         </p>
         <ol>
           <li>Let |target origin| be [=current settings object=]'s [=environment settings
           object/origin=] if |origin| is null, or |origin| otherwise.
           </li>
+          <li>Let |target embedding origin| be |target origin| if |embedding origin| is null, 
+          or |embedding origin| otherwise.
+          </li>
           <li>Let |targets| be a <a>list</a> containing all [=environment settings objects=] whose
-          [=environment settings object/origin=] is [=same origin=] with |target origin|, and which
-          belong to the |user agent| if provided, or all user agents otherwise.
+          [=environment settings object/origin=] is [=same origin=] with |target origin| and whose
+          [=environment/top-level origin=] is [=same origin=] with |target embedding origin|.
+          </li>
+          <li> If |user agent| is provided, filter |targets| to include only those that belong to
+          the provided |user agent|.
           </li>
           <li>Let |tasks| be an empty <a>list</a>.
           </li>
@@ -1437,6 +1443,7 @@ <h6 id="webdriver-bidi-command-permissions-setPermission">
                       descriptor: permissions.PermissionDescriptor,
                       state: permissions.PermissionState,
                       origin: text,
+                      ? embeddingOrigin: text,
                       ? userContext: text,
                     }
                   </pre>
@@ -1476,11 +1483,14 @@ <h6 id="webdriver-bidi-command-permissions-setPermission">
                   </li>
                   <li>Let |origin| be the value of the `origin` field of |command parameters|.
                   </li>
+                  <li>Let |embedding origin| be the value of the `embeddingOrigin` field of
+                  |command parameters|, if present, and `default` otherwise.
+                  </li>
                   <li>Let |user agent| be the [=user agent=] that represents the [=user context=]
                   with the id |user context id|.
                   </li>
-                  <li>[=Set a permission=] with |typedDescriptor|, |state|, |origin|, and |user
-                  agent|.
+                  <li>[=Set a permission=] with |typedDescriptor|, |state|, |origin|, |embedding
+                  origin|, and |user agent|.
                   </li>
                   <li>Return [=success=] with data `null`.
                   </li>

From bad0c1a726cbc7e34fd48187376447ddb9a58f58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cjalonthomas=E2=80=9D?= <jalonthomas@google.com>
Date: Thu, 14 Aug 2025 10:52:12 -0400
Subject: [PATCH 2/4] Change the key generation algorithm to use an origin and
 top level origin instead of an ESO

---
 index.html | 53 +++++++++++++++++++++++++++++++++++------------------
 1 file changed, 35 insertions(+), 18 deletions(-)

diff --git a/index.html b/index.html
index b945713..2322764 100644
--- a/index.html
+++ b/index.html
@@ -630,7 +630,7 @@ <h2>
         </dt>
         <dd>
           <p>
-            Takes an [=environment settings object=], and returns a new [=permission key=]. If
+            Takes an |origin| and a |top level origin|, and returns a new [=permission key=]. If
             unspecified, this defaults to the [=default permission key generation algorithm=]. A
             feature that specifies a custom [=powerful feature/permission key generation
             algorithm=] MUST also specify a [=powerful feature/permission key comparison
@@ -639,10 +639,10 @@ <h2>
           <div class="algorithm">
             <p>
               The <dfn class="export">default permission key generation algorithm</dfn>, given an
-              [=environment settings object=] |settings|, runs the following steps:
+              |origin| and a |top level origin|, runs the following steps:
             </p>
             <ol>
-              <li>Return |settings|'s [=environment/top-level origin=].
+              <li>Return |top level origin|.
               </li>
             </ol>
           </div>
@@ -805,7 +805,8 @@ <h3 id="reading-current-states">
               </ol>
             </li>
             <li>Let |key| be the result of [=powerful feature/permission key generation
-            algorithm|generating a permission key=] for |descriptor| with |settings|.
+            algorithm|generating a permission key=] with |settings|'s [=origin=] and |settings|'s
+            [=environment/top-level origin=].
             </li>
             <li>Let |entry| be the result of [=get a permission store entry|getting a permission
             store entry=] with |descriptor| and |key|.
@@ -855,8 +856,11 @@ <h3 id="requesting-more-permission">
                 this framework.
               </p>
             </li>
+            <li>Let |settings| be the [=current settings object=].
+            </li>
             <li>Let |key| be the result of [=powerful feature/permission key generation
-            algorithm|generating a permission key=] with the [=current settings object=].
+            algorithm|generating a permission key=] with |settings|'s [=origin=] and
+            |settings|'s [=environment/top-level origin=].
             </li>
             <li>[=Queue a task=] on the [=current settings object=]'s [=environment settings
             object/responsible event loop=] to [=set a permission store entry=] with |descriptor|,
@@ -1235,21 +1239,31 @@ <h2 id="automation">
         <p>
           To <dfn data-for="WebDriver">set a permission</dfn> given a {{PermissionDescriptor}}
           |descriptor:PermissionDescriptor|, a {{PermissionState}} |state:PermissionState|, an
-          optional |origin|, an optional |embedding origin|, and an optional |user agent|:
+          optional [=permission key=] |key|, and an optional |user agent|:
         </p>
         <ol>
-          <li>Let |target origin| be [=current settings object=]'s [=environment settings
-          object/origin=] if |origin| is null, or |origin| otherwise.
+          <li>Let |target key| be the result of [=powerful feature/permission key generation
+          algorithm|generating a permission key=] with [=current settings object=]'s [=environment
+          settings object/origin=] and [=current settings object=]'s [=environment/top-level
+          origin=] if |key| is null, or |key| otherwise.
           </li>
-          <li>Let |target embedding origin| be |target origin| if |embedding origin| is null, 
-          or |embedding origin| otherwise.
+          <li>Let |settings list| be a <a>list</a> containing all [=environment settings objects=]
+          which belong to the |user agent| if provided, or all user agents otherwise.
           </li>
-          <li>Let |targets| be a <a>list</a> containing all [=environment settings objects=] whose
-          [=environment settings object/origin=] is [=same origin=] with |target origin| and whose
-          [=environment/top-level origin=] is [=same origin=] with |target embedding origin|.
+          <li>Let |targets| be an empty <a>list</a>.
+          </li>
+          <li>For each [=environment settings object=] |settings| in |settings list|:
+            <ol>
+              <li>Let |settings key| be be the result of [=powerful feature/permission key generation
+              algorithm|generating a permission key=] with |settings|'s [=origin=] and |settings|'s
+              [=environment/top-level origin=].
+              </li>
+              <li>[=list/Append=] |settings| to |targets| if |settings key| matches
+              |target key| according to the [=powerful feature/permission key comparison
+              algorithm=].
+              </li>
+            </ol>
           </li>
-          <li> If |user agent| is provided, filter |targets| to include only those that belong to
-          the provided |user agent|.
           </li>
           <li>Let |tasks| be an empty <a>list</a>.
           </li>
@@ -1484,13 +1498,16 @@ <h6 id="webdriver-bidi-command-permissions-setPermission">
                   <li>Let |origin| be the value of the `origin` field of |command parameters|.
                   </li>
                   <li>Let |embedding origin| be the value of the `embeddingOrigin` field of
-                  |command parameters|, if present, and `default` otherwise.
+                  |command parameters|, if present, and |origin| otherwise.
+                  </li>
+                  <li>Let |key| be the result of [=powerful feature/permission key generation
+                  algorithm|generating a permission key=] with |origin| and |embedding origin|.
                   </li>
                   <li>Let |user agent| be the [=user agent=] that represents the [=user context=]
                   with the id |user context id|.
                   </li>
-                  <li>[=Set a permission=] with |typedDescriptor|, |state|, |origin|, |embedding
-                  origin|, and |user agent|.
+                  <li>[=Set a permission=] with |typedDescriptor|, |state|, |key|, and |user
+                  agent|.
                   </li>
                   <li>Return [=success=] with data `null`.
                   </li>

From 957021bcf4f0f5f509b54b2f5cc6196bf04ceaf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cjalonthomas=E2=80=9D?= <jalonthomas@google.com>
Date: Thu, 14 Aug 2025 15:55:18 -0400
Subject: [PATCH 3/4] Use topLevelOrigin, add descriptor to key generation, and
 use the ESO origin link

---
 index.html | 49 ++++++++++++++++++++++++++-----------------------
 1 file changed, 26 insertions(+), 23 deletions(-)

diff --git a/index.html b/index.html
index 2322764..9455600 100644
--- a/index.html
+++ b/index.html
@@ -630,16 +630,16 @@ <h2>
         </dt>
         <dd>
           <p>
-            Takes an |origin| and a |top level origin|, and returns a new [=permission key=]. If
-            unspecified, this defaults to the [=default permission key generation algorithm=]. A
-            feature that specifies a custom [=powerful feature/permission key generation
-            algorithm=] MUST also specify a [=powerful feature/permission key comparison
-            algorithm=].
+            Takes an [=origin=] |origin| and an [=origin=] |top level origin|, and returns a new
+            [=permission key=]. If unspecified, this defaults to the [=default permission key
+            generation algorithm=]. A feature that specifies a custom [=powerful feature/permission
+            key generation algorithm=] MUST also specify a [=powerful feature/permission key
+            comparison algorithm=].
           </p>
           <div class="algorithm">
             <p>
               The <dfn class="export">default permission key generation algorithm</dfn>, given an
-              |origin| and a |top level origin|, runs the following steps:
+               [=origin=] |origin| and an [=origin=] |top level origin|, runs the following steps:
             </p>
             <ol>
               <li>Return |top level origin|.
@@ -805,7 +805,8 @@ <h3 id="reading-current-states">
               </ol>
             </li>
             <li>Let |key| be the result of [=powerful feature/permission key generation
-            algorithm|generating a permission key=] with |settings|'s [=origin=] and |settings|'s
+            algorithm|generating a permission key=] for |descriptor| with |settings|'s
+            [=environment settings object/origin=] and |settings|'s
             [=environment/top-level origin=].
             </li>
             <li>Let |entry| be the result of [=get a permission store entry|getting a permission
@@ -859,8 +860,9 @@ <h3 id="requesting-more-permission">
             <li>Let |settings| be the [=current settings object=].
             </li>
             <li>Let |key| be the result of [=powerful feature/permission key generation
-            algorithm|generating a permission key=] with |settings|'s [=origin=] and
-            |settings|'s [=environment/top-level origin=].
+            algorithm|generating a permission key=] for |descriptor| with |settings|'s
+            [=environment settings object/origin=] and |settings|'s [=environment/top-level
+            origin=].
             </li>
             <li>[=Queue a task=] on the [=current settings object=]'s [=environment settings
             object/responsible event loop=] to [=set a permission store entry=] with |descriptor|,
@@ -1243,31 +1245,31 @@ <h2 id="automation">
         </p>
         <ol>
           <li>Let |target key| be the result of [=powerful feature/permission key generation
-          algorithm|generating a permission key=] with [=current settings object=]'s [=environment
-          settings object/origin=] and [=current settings object=]'s [=environment/top-level
-          origin=] if |key| is null, or |key| otherwise.
+          algorithm|generating a permission key=] for |descriptor| with [=current settings
+          object=]'s [=environment settings object/origin=] and [=current settings object=]'s
+          [=environment/top-level origin=] if |key| is null, or |key| otherwise.
           </li>
           <li>Let |settings list| be a <a>list</a> containing all [=environment settings objects=]
           which belong to the |user agent| if provided, or all user agents otherwise.
           </li>
           <li>Let |targets| be an empty <a>list</a>.
           </li>
-          <li>For each [=environment settings object=] |settings| in |settings list|:
+          <li>[=list/For each=] [=environment settings object=] |settings| in |settings list|:
             <ol>
-              <li>Let |settings key| be be the result of [=powerful feature/permission key generation
-              algorithm|generating a permission key=] with |settings|'s [=origin=] and |settings|'s
-              [=environment/top-level origin=].
+              <li>Let |settings key| be be the result of [=powerful feature/permission key
+              generation algorithm|generating a permission key=] for |descriptor| with |settings|'s
+              [=origin=] and |settings|'s [=environment/top-level origin=].
               </li>
-              <li>[=list/Append=] |settings| to |targets| if |settings key| matches
-              |target key| according to the [=powerful feature/permission key comparison
-              algorithm=].
+              <li>Let |matches| be the result of running the [=powerful feature/permission key
+              comparison algorithm=] for |descriptor|, given |settings key| and |key|.
               </li>
+              <li>If |matches|, then [=list/append=] |settings| to |targets|.
             </ol>
           </li>
           </li>
           <li>Let |tasks| be an empty <a>list</a>.
           </li>
-          <li>For each [=environment settings object=] |target| in |targets|:
+          <li>[=list/For each=] [=environment settings object=] |target| in |targets|:
             <ol>
               <li>[=Queue a task=] |task| on the [=permissions task source=] of |target|'s
               [=relevant settings object=]'s [=environment settings object/global object=]'s
@@ -1457,7 +1459,7 @@ <h6 id="webdriver-bidi-command-permissions-setPermission">
                       descriptor: permissions.PermissionDescriptor,
                       state: permissions.PermissionState,
                       origin: text,
-                      ? embeddingOrigin: text,
+                      ? topLevelOrigin: text,
                       ? userContext: text,
                     }
                   </pre>
@@ -1497,11 +1499,12 @@ <h6 id="webdriver-bidi-command-permissions-setPermission">
                   </li>
                   <li>Let |origin| be the value of the `origin` field of |command parameters|.
                   </li>
-                  <li>Let |embedding origin| be the value of the `embeddingOrigin` field of
+                  <li>Let |top level origin| be the value of the `topLevelOrigin` field of
                   |command parameters|, if present, and |origin| otherwise.
                   </li>
                   <li>Let |key| be the result of [=powerful feature/permission key generation
-                  algorithm|generating a permission key=] with |origin| and |embedding origin|.
+                  algorithm|generating a permission key=] for |descriptor| with |origin| and
+                  |top level origin|.
                   </li>
                   <li>Let |user agent| be the [=user agent=] that represents the [=user context=]
                   with the id |user context id|.

From 48416938dcc56c99f8e09a2c668334ec16738742 Mon Sep 17 00:00:00 2001
From: jalonthomas <64996364+jalonthomas@users.noreply.github.com>
Date: Fri, 15 Aug 2025 09:44:52 -0400
Subject: [PATCH 4/4] Update index.html

Co-authored-by: Chris Fredrickson <cfredric@users.noreply.github.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 9455600..ef0c27d 100644
--- a/index.html
+++ b/index.html
@@ -1258,7 +1258,7 @@ <h2 id="automation">
             <ol>
               <li>Let |settings key| be be the result of [=powerful feature/permission key
               generation algorithm|generating a permission key=] for |descriptor| with |settings|'s
-              [=origin=] and |settings|'s [=environment/top-level origin=].
+              [=environment settings object/origin=] and |settings|'s [=environment/top-level origin=].
               </li>
               <li>Let |matches| be the result of running the [=powerful feature/permission key
               comparison algorithm=] for |descriptor|, given |settings key| and |key|.