[SearchProviders] Add Explainer for setting recommended DSE API

SearchProviders/explainer.md

@@ -0,0 +1,68 @@
+# Search Providers --- Reset Search Provier to brand's recommended.
+
+## Authors:
+
+- [Wei Gu](mailto:[email protected])
+
+## Status of this Document
+
+This document is a starting point for engaging the community and standards
+bodies in developing collaborative solutions fit for the Web. As the solutions
+to problems described in this document progress along the standards-track, we
+will retain this document as an archive and use this section to keep the
+community up-to-date with the most current standards venue and content location
+of future work and discussions.
+
+* This document status: **Active**
+* Expected venue: [W3C Web Incubator Community Group](https://wicg.io/)
+* **Current version: this document**
+
+## Introduction
+
+Browsers have a list of search providers and each browser brand implementation has a recommended search provider. This proposal aims to standardize the API that could be leveraged by webpages to detect whether current default search provider is the brand recommended search provider and reset the current default search provider to brand's recommended one.
+
+## Goals
+
+The goals of the API are:
+
+- Provide an API to detect whether current search provider is brand's recommended search provier.
+- Provide an API to reset current search provider to brand's recommended search provier.
+
+## Non-Goals
+
+The API is not intended to be used for:
+
+- Add new search provider.
+- Update a search provider.
+- Delete a search provider.
+
+## Use Cases
+
+The feature is intended to be used by any web page that wants to restore the current default search provider to brand's recommended search provider. Here is scenario in which this can be useful to users: **Microsoft Edge** as example
+
+- User opens a web page (Bing SERP).
+- JaveScript calls the API to detect whether current default search provider is **Microsoft** recommended search provider.
+- Page popups UI for user to reset the current default search provider to **Microsoft** recommended search provider.
+>>![scenario](scenario.gif)
+
+## Proposed Solution
+
+### Detect whether current search provider is brand's recommended.
+
+```js
+chrome.searchProviders.isRecommendedDSE((success: boolean) => void);
+```
+> #### NOTE
+> This API will return **true** if a search provider is already the brand's recommended one, otherwise **false**.
+
+### Reset current search provider to brand's recommended.
+
+```js
+chrome.searchProviders.resetToRecommendedDSE((success: boolean) => void)
+```
+> #### NOTE
+> This API will return **true** if a search provider is set to the recommended one, otherwise **false**.
+
+## Security and Privacy Considerations
+
+Please refer [security-privacy](./security-privacy.md)

SearchProviders/security-privacy.md

@@ -0,0 +1,79 @@
+# Early Self-Review Questionnaire: Security and Privacy
+
+## Security and Privacy questionnaire for [explainer](explainer.md)
+
+1. **What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?**
+
+    This feature exposes information to the origins if the web site from a search provider.
+
+    Note: the default implementation will only expose to Bing.com origin.
+
+2. **Do features in your specification expose the minimum amount of information necessary to enable their intended uses?**
+
+    Yes.
+
+3. **How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?**
+
+    There is no information of this type being handled by the feature.
+
+4. **How do the features in your specification deal with sensitive information?**
+
+    There is no sensitive information handled by the feature. 
+
+5. **Do the features in your specification introduce new state for an origin that persists across browsing sessions?**
+
+    No, this feature does not introduce new states tied to an origin.
+
+6. **Do the features in your specification expose information about the underlying platform to origins?**
+
+    This feature exposes information to the origins if the web site from a search provider.
+
+    Note: the default implementation will only expose to Bing.com origin.
+
+7. **Does this specification allow an origin to send data to the underlying platform?**
+
+    No.
+
+8. **Do features in this specification enable access to device sensors?**
+
+    No.
+
+9. **Do features in this specification enable new script execution/loading mechanisms?**
+
+    No.
+
+10. **Do features in this specification allow an origin to access other devices?**
+
+    No.
+
+11. **Do features in this specification allow an origin some measure of control over a user agent’s native UI?**
+
+    No.
+
+12. **What temporary identifiers do the features in this specification create or expose to the web?**
+
+    None.
+
+13. **How does this specification distinguish between behavior in first-party and third-party contexts?**
+
+    It does not make such distinction.
+
+14. **How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?**
+
+    No difference.
+
+15. **Does this specification have both "Security Considerations" and "Privacy Considerations" sections?**
+
+    The API does not introduce any new security or privacy considerations.
+
+16. **Do features in your specification enable origins to downgrade default security protections?**
+
+    No.
+
+17. **How does your feature handle non-"fully active" documents?**
+
+    No difference.
+
+18. **What should this questionnaire have asked?**
+
+    N/A.