Who is assumed to have access to first and delegated party assets? #19

eriktaubeneck opened this issue Oct 21, 2022 · 1 comment

@eriktaubeneck
Collaborator

I know that this is unchanged, but I'm going to open an issue about this one. I find this a little unclear as presented here.

Is this all first and third parties? I think that - for threat model purposes - we might assume that this is indeed all information from all sites, but that might be a little over-broad.

Also, I'd like to see us talk about sites rather than parties. Even if we need to acknowledge that apps are not web sites, they should follow roughly similar rules when it comes to their composition.

Originally posted by @martinthomson in #14 (comment)

@eriktaubeneck
Collaborator Author

I certainly agree there is some work to do here. I think the idea was that we want to assume that an attacker might not only control some number of helper parties, but also a first or third party (this should also now be delegated party...). From there, we basically assume that the helper party could also have the first/delegated party assets. But, yes, a new issue for this would be great. I would love to get more input here.

I'm unopinionated on party vs site (though maybe we want to use site/app to be explicit.) I'll open a PR with that swap and try to get some input.

Originally posted by @eriktaubeneck in #14 (comment).
