From 253c468c4d19745ba8a61fc39510deac05f62189 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 6 Apr 2023 17:53:11 +0000 Subject: [PATCH 01/42] in progress --- spec.bs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index e30ffa49..fb553265 100644 --- a/spec.bs +++ b/spec.bs @@ -333,7 +333,13 @@ serves as the key to the <{fencedframe}> element's [=fenced navigable container/ A fenced frame config is a struct with the following [=struct/items=]: -* An urn uuid, a [=urn uuid=] string +* A urn uuid, a [=urn uuid=] string +* optional FencedFrameProperty mapped url +* optional FencedFrameProperty container size (width + height) +* optional FencedFrameProperty content size (width + height) +* optional FencedFrameProperty interest group descriptor (owner + name) +* optional exhaustive sandbox flags +* optional exhaustive permissions * TODO: Specify the other members From 7a8c42c14c45c31ce49deb9d1dd4495c6e359d6f Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 15:07:30 +0000 Subject: [PATCH 02/42] config skeleton --- spec.bs | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/spec.bs b/spec.bs index fb553265..9cea81c3 100644 --- a/spec.bs +++ b/spec.bs 
@@ -334,13 +334,15 @@ serves as the key to the <{fencedframe}> element's [=fenced navigable container/ A fenced frame config is a struct with the following [=struct/items=]: * A urn uuid, a [=urn uuid=] string -* optional FencedFrameProperty mapped url -* optional FencedFrameProperty container size (width + height) -* optional FencedFrameProperty content size (width + height) -* optional FencedFrameProperty interest group descriptor (owner + name) -* optional exhaustive sandbox flags -* optional exhaustive permissions -* TODO: Specify the other members +* mapped url, optional (boolean is visibility to embedder) +* container size, optional<(width:X * height:X) * boolean * boolean> +* content size, optional<(width:X * height:X) * boolean * boolean> +* interest group descriptor, optional<(owner:string + name:string) * boolean * boolean> +* effective sandbox flags, optional +* effective permissions, optional +* fenced frame reporter, optional: TODO make sure reporters handles component ads correctly +* exfiltration budget metadata, optional<(origin * double * boolean) * boolean * boolean> +* nested configs, optional<(sequence of configs) * boolean * boolean>

The {{Fence}} interface
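Review bot: In the PATCH 02/42 hunk, the trailing "boolean * boolean" slots on container size, content size, interest group descriptor, exfiltration budget metadata and nested configs are unlabelled. Nothing in the struct says which slot is visibility to the embedder, which is visibility to the content, or whether true means visible or hidden. Only the mapped url item's parenthetical ("boolean is visibility to embedder") hints at the meaning. These flags decide what each party may read, so name each slot and state its polarity in the item text, or replace the booleans with a named two-value type.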

From 6c88d0ed84696b1801cf60c1054179b8b4306005 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 15:28:03 +0000 Subject: [PATCH 03/42] add config instance --- spec.bs | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index 9cea81c3..24dc4b3b 100644 --- a/spec.bs +++ b/spec.bs @@ -333,7 +333,6 @@ serves as the key to the <{fencedframe}> element's [=fenced navigable container/ A fenced frame config is a struct with the following [=struct/items=]: -* A urn uuid, a [=urn uuid=] string * mapped url, optional (boolean is visibility to embedder) * container size, optional<(width:X * height:X) * boolean * boolean> * content size, optional<(width:X * height:X) * boolean * boolean> @@ -344,6 +343,29 @@ A fenced frame config is a struct with the following [=struct/ * exfiltration budget metadata, optional<(origin * double * boolean) * boolean * boolean> * nested configs, optional<(sequence of configs) * boolean * boolean> +A fenced frame config mapping is a map where each entry has the following structure: +* The key is a urn uuid, a [=urn uuid=] string +* The value is a fenced frame config +TODO: Set up the mapping so that it can be removed from the spec when urn iframes are gone? + +A fenced frame config instance is a struct with the following [=struct/items=]: +* mapped url +* container size +* content size +* interest group descriptor +* effective sandbox flags +* effective permissions +* fenced frame reporter TODO: including automatic beacon info +* exfiltration budget metadata +* nested configs +* partition nonce +* embedder shared storage context + +
+ In order to instantiate a fenced frame config (to construct a fenced frame config instance), run these steps: + + 1. foo +

The {{Fence}} interface
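Review bot: The instantiate algorithm at the end of the PATCH 03/42 hunk has a single placeholder step ("1. foo"), so the two items that exist only on the instance, partition nonce and embedder shared storage context, have no specified origin. State at least where each one comes from before other algorithms start referring to the instance. The instance list also names its items without the types and visibility slots that the config list carries; say whether they are inherited unchanged. Finally, the TODO line after the two mapping bullets needs a blank line before it so that it is not parsed as a continuation of the last bullet.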

From 652b055b1a60c0fdd062c71f78d7516205fd3aef Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 15:28:37 +0000 Subject: [PATCH 04/42] fix indent error --- spec.bs | 1 + 1 file changed, 1 insertion(+) diff --git a/spec.bs b/spec.bs index 24dc4b3b..087c5722 100644 --- a/spec.bs +++ b/spec.bs @@ -346,6 +346,7 @@ A fenced frame config is a struct with the following [=struct/ A fenced frame config mapping is a map where each entry has the following structure: * The key is a urn uuid, a [=urn uuid=] string * The value is a fenced frame config + TODO: Set up the mapping so that it can be removed from the spec when urn iframes are gone? A fenced frame config instance is a struct with the following [=struct/items=]: From eb4b785f5ecb25cbe9f8a5b7be284a1725aa8d6e Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 15:32:05 +0000 Subject: [PATCH 05/42] move things around --- spec.bs | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/spec.bs b/spec.bs index 087c5722..16996986 100644 --- a/spec.bs +++ b/spec.bs @@ -289,9 +289,11 @@ elements that the [=width=] and [=height=] dimension a

Configuration mapping

-Each [=traversable navigable=] has a urn configuration +Each [=traversable navigable=] has a fenced frame config mapping, a [=map=] mapping [=urn uuids=] to [=fenced frame config=] [=structs=]. +TODO: Set up the mapping so that it can be removed from the spec when urn iframes are gone? + Note: This mapping is consulted during [=navigate|navigation=], and written to by what we colloquially refer to as *URN-generating APIs* or *config-generating APIs*, that generate both [=urn uuids=] and [=fenced frame configs=] for use in navigating <{fencedframe}> and <{iframe}> elements. @@ -323,14 +325,6 @@ Issue: Fix the "indistinguishable" IDL bug with the unions above. Each {{FencedFrameConfig}} has a url, which is a string, initially null. -Each {{FencedFrameConfig}} has a urn uuid, which is a [=urn uuid=] -string, initially null. - -Note: A {{FencedFrameConfig}}'s [=fencedframeconfig/urn uuid=] is a non-web-exposed unique ID that -serves as the key to the <{fencedframe}> element's [=fenced navigable container/fenced navigable=]'s -URN config mapping, which maps [=urn uuids=] to [=fenced frame config=] -[=structs=] (that represent the web-exposed {{FencedFrameConfig}} object). - A fenced frame config is a struct with the following [=struct/items=]: * mapped url, optional (boolean is visibility to embedder) @@ -343,12 +337,6 @@ A fenced frame config is a struct with the following [=struct/ * exfiltration budget metadata, optional<(origin * double * boolean) * boolean * boolean> * nested configs, optional<(sequence of configs) * boolean * boolean> -A fenced frame config mapping is a map where each entry has the following structure: -* The key is a urn uuid, a [=urn uuid=] string -* The value is a fenced frame config - -TODO: Set up the mapping so that it can be removed from the spec when urn iframes are gone? - A fenced frame config instance is a struct with the following [=struct/items=]: * mapped url * container size 
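Review bot: The second hunk of PATCH 05/42 deletes the Note that described the urn uuid as a "non-web-exposed unique ID", and the replacement sentence in the first hunk only says that the mapping maps urn uuids to fenced frame config structs. After this change, nothing in the visible text states that the key is not exposed to script. Keep a one-sentence note to that effect next to the new fenced frame config mapping definition. The same hunk removes the urn uuid member from {{FencedFrameConfig}}, so also say how the web-exposed object is now tied to its entry in the mapping.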
From fe49697c91d44defab581df82204f5c2973b47e7 Mon Sep 17 00:00:00 2001 From: Dominic Farolino Date: Fri, 7 Apr 2023 11:53:14 -0400 Subject: [PATCH 06/42] Dfn style --- spec.bs | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/spec.bs b/spec.bs index 16996986..71b1320c 100644 --- a/spec.bs +++ b/spec.bs @@ -327,15 +327,34 @@ null. A fenced frame config is a struct with the following [=struct/items=]: -* mapped url, optional (boolean is visibility to embedder) -* container size, optional<(width:X * height:X) * boolean * boolean> -* content size, optional<(width:X * height:X) * boolean * boolean> -* interest group descriptor, optional<(owner:string + name:string) * boolean * boolean> -* effective sandbox flags, optional -* effective permissions, optional -* fenced frame reporter, optional: TODO make sure reporters handles component ads correctly -* exfiltration budget metadata, optional<(origin * double * boolean) * boolean * boolean> -* nested configs, optional<(sequence of configs) * boolean * boolean> +
+ : mapped url + :: optional (boolean is visibility to embedder) + + : container size + :: optional<(width:X * height:X) * boolean * boolean> + + : content size + :: optional<(width:X * height:X) * boolean * boolean> + + : interest group descriptor + :: optional<(owner:string + name:string) * boolean * boolean> + + : effective sandbox flags + :: optional + + : effective permissions + :: optional + + : fenced frame reporter + :: optional: TODO make sure reporters handles component ads correctly + + : exfiltration budget metadata + :: optional<(origin * double * boolean) * boolean * boolean> + + : nested configs + :: optional<(sequence of configs) * boolean * boolean> +
A fenced frame config instance is a struct with the following [=struct/items=]: * mapped url From d4314cec1a75f2164d6483b31134a51ebdafee20 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 17:45:10 +0000 Subject: [PATCH 07/42] reformat --- spec.bs | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/spec.bs b/spec.bs index 71b1320c..87231525 100644 --- a/spec.bs +++ b/spec.bs @@ -329,7 +329,7 @@ A fenced frame config is a struct with the following [=struct/
: mapped url - :: optional (boolean is visibility to embedder) + :: optional (boolean is visibility to embedder) : container size :: optional<(width:X * height:X) * boolean * boolean> @@ -356,18 +356,33 @@ A fenced frame config is a struct with the following [=struct/ :: optional<(sequence of configs) * boolean * boolean>
+ A fenced frame config instance is a struct with the following [=struct/items=]: -* mapped url -* container size -* content size -* interest group descriptor -* effective sandbox flags -* effective permissions -* fenced frame reporter TODO: including automatic beacon info -* exfiltration budget metadata -* nested configs -* partition nonce -* embedder shared storage context + +
+ : mapped url + :: optional + : container size + :: optional<(width:X * height:X) * boolean * boolean> + : content size + :: optional<(width:X * height:X) * boolean * boolean> + : interest group descriptor + :: optional<(owner:string + name:string) * boolean * boolean> + : effective sandbox flags + :: optional + : effective permissions + :: optional + : fenced frame reporter TODO: including automatic beacon info + :: optional + : exfiltration budget metadata + :: optional<(origin * double * boolean) * boolean * boolean> + : nested configs + :: optional<(sequence of configs) * boolean * boolean> + : partition nonce + :: partition nonce + : embedder shared storage context + :: optional +
In order to instantiate a fenced frame config (to construct a fenced frame config instance), run these steps: From b0230c8db538aa171188c3ccf84d48f82cfaac91 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 18:04:31 +0000 Subject: [PATCH 08/42] more --- spec.bs | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 87231525..026a358a 100644 --- a/spec.bs +++ b/spec.bs @@ -354,6 +354,9 @@ A fenced frame config is a struct with the following [=struct/ : nested configs :: optional<(sequence of configs) * boolean * boolean> + + : embedder shared storage context + :: optional @@ -362,32 +365,62 @@ A fenced frame config instance is a struct with the following
: mapped url :: optional + : container size :: optional<(width:X * height:X) * boolean * boolean> + : content size :: optional<(width:X * height:X) * boolean * boolean> + : interest group descriptor :: optional<(owner:string + name:string) * boolean * boolean> + : effective sandbox flags :: optional + : effective permissions :: optional + : fenced frame reporter TODO: including automatic beacon info :: optional + : exfiltration budget metadata :: optional<(origin * double * boolean) * boolean * boolean> + : nested configs :: optional<(sequence of configs) * boolean * boolean> + : partition nonce :: partition nonce + : embedder shared storage context :: optional
- In order to instantiate a fenced frame config (to construct a fenced frame config instance), run these steps: + In order to initialize a [=fenced frame config instance=] from a [=fenced frame config=], run these steps: + + 1. Initialize [=fenced frame config instance/mapped url=] with [=fenced frame config/mapped url=] + + 1. Initialize [=fenced frame config instance/container size=] with [=fenced frame config/container size=] + + 1. Initialize [=fenced frame config instance/content size=] with [=fenced frame config/content size=] + + 1. Initialize [=fenced frame config instance/interest group descriptor=] with [=fenced frame config/interest group descriptor=] + + 1. Initialize [=fenced frame config instance/effective sandbox flags=] with [=fenced frame config/effective sandbox flags=] + + 1. Initialize [=fenced frame config instance/effective permissions=] with [=fenced frame config/effective permissions=] + + 1. TODO: fenced frame reporter + + 1. TODO: budget metadata + + 1. TODO: nested configs + + 1. Initialize [=fenced frame config instance/partition nonce=] with a random TODO(ref):partition nonce. - 1. foo + 1. Initialize [=fenced frame config instance/embedder shared storage context=] with [=fenced frame config/embedder shared storage context=].

The {{Fence}} interface
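Review bot: In PATCH 08/42, the partition nonce step ("with a random TODO(ref):partition nonce") does not say that a new value is generated on every initialization, or what kind of randomness is required. From "a random" alone, a reader cannot tell whether two instances of the same config may share a nonce. State that each initialization produces a fresh value and link the definition once it exists. Three of the remaining steps (fenced frame reporter, budget metadata, nested configs) are bare TODOs, so as written the algorithm leaves those instance items uninitialized; set them to null explicitly until the real steps land.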

From 82d464d1e84afb63573a3d71d8a16044bb71177f Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 7 Apr 2023 18:15:21 +0000 Subject: [PATCH 09/42] describe nested configs instantiation --- spec.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 026a358a..f9e8018f 100644 --- a/spec.bs +++ b/spec.bs @@ -388,7 +388,7 @@ A fenced frame config instance is a struct with the following :: optional<(origin * double * boolean) * boolean * boolean> : nested configs - :: optional<(sequence of configs) * boolean * boolean> + :: optional<(sequence of urn config pairs) * boolean * boolean> : partition nonce :: partition nonce @@ -416,7 +416,7 @@ A fenced frame config instance is a struct with the following 1. TODO: budget metadata - 1. TODO: nested configs + 1. If [=fenced frame config/nested configs=] is null, initialize [=fenced frame config instance/nested configs=] to null. Otherwise, initialize [=fenced frame config instance/nested configs=] with an [=ordered map=], where for each [=fenced frame config=] in [=fenced frame config/nested configs=], there is an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced frame config=]. TODO: copy over visibility values 1. Initialize [=fenced frame config instance/partition nonce=] with a random TODO(ref):partition nonce. From 95e5cdaa1da0732f348bcef875e5ba5cc9c97a04 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 10 Apr 2023 20:11:07 +0000 Subject: [PATCH 10/42] more --- spec.bs | 52 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/spec.bs b/spec.bs index f9e8018f..92e1eef7 100644 --- a/spec.bs +++ b/spec.bs 
@@ -323,40 +323,42 @@ maps to an internal [=fenced frame config=] [=struct=]. Issue: Fix the "indistinguishable" IDL bug with the unions above. Each {{FencedFrameConfig}} has a url, which is a string, initially -null. +null. TODO: flesh out {{FencedFrameConfig}} + +A visibility is either "`opaque`" or "`transparent`". There are two kinds of [=fencedframeconfig/visibility=]: visibility to embedder and visibility to content. A fenced frame config is a struct with the following [=struct/items=]:
: mapped url - :: optional (boolean is visibility to embedder) + :: null, or a struct containing a url (which is a string), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : container size - :: optional<(width:X * height:X) * boolean * boolean> + :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : content size - :: optional<(width:X * height:X) * boolean * boolean> + :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : interest group descriptor - :: optional<(owner:string + name:string) * boolean * boolean> + :: null, or a struct containing an interest group descriptor (which is a struct containing an owner and a name), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: optional + :: null, or a struct containing a set of sandbox flags, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective permissions - :: optional + :: null, or a struct containing a set of permissions, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : fenced frame reporter - :: optional: TODO make sure reporters handles component ads correctly + :: null, or a struct containing a fenced frame reporter, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : exfiltration budget metadata - :: optional<(origin * double * boolean) * boolean * boolean> + :: null, or a struct containing an exfiltration budget metadata, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: optional<(sequence of configs) * boolean * boolean> + :: null, or a struct containing a sequence of [=fenced frame configs=], a [=visibility/visibility to embedder=], and a 
[=visibility/visibility to content=] : embedder shared storage context - :: optional + :: null, or an embedder shared storage context (which is a string)
@@ -364,37 +366,37 @@ A fenced frame config instance is a struct with the following
: mapped url - :: optional + :: null, or a struct containing a url (which is a string), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : container size - :: optional<(width:X * height:X) * boolean * boolean> + :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : content size - :: optional<(width:X * height:X) * boolean * boolean> + :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : interest group descriptor - :: optional<(owner:string + name:string) * boolean * boolean> + :: null, or a struct containing an interest group descriptor (which is a struct containing an owner and a name), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: optional + :: null, or a struct containing a set of sandbox flags, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective permissions - :: optional + :: null, or a struct containing a set of permissions, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : fenced frame reporter TODO: including automatic beacon info - :: optional + :: null, or a struct containing a fenced frame reporter, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : exfiltration budget metadata - :: optional<(origin * double * boolean) * boolean * boolean> + :: null, or a struct containing an exfiltration budget metadata, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: optional<(sequence of urn config pairs) * boolean * boolean> + :: null, or a struct containing a sequence of pairs of [=urn uuids] and [=fenced frame configs=], a [=visibility/visibility to embedder=], and a 
[=visibility/visibility to content=] : partition nonce - :: partition nonce + :: a partition nonce : embedder shared storage context - :: optional + :: null, or an embedder shared storage context (which is a string)
@@ -423,6 +425,12 @@ A fenced frame config instance is a struct with the following 1. Initialize [=fenced frame config instance/embedder shared storage context=] with [=fenced frame config/embedder shared storage context=].
+
+ In order to redact a [=fenced frame config=], run these steps: + + 1. TODO +
+

The {{Fence}} interface
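Review bot: In the PATCH 10/42 hunk for the instance's nested configs item, "[=urn uuids]" is missing its closing "=", so the autolink will not resolve; it should read "[=urn uuids=]". Two related points in the same patch: the visibility paragraph links "[=fencedframeconfig/visibility=]" while every item links "[=visibility/visibility to embedder=]" and "[=visibility/visibility to content=]", so pick one scoping for these definitions. Also, the new redact algorithm is only "1. TODO", so the visible text does not yet say what an "opaque" item looks like to the party inspecting it.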

Describe this infrastructure in detail. From be5bb1f11dd62b14302d1ebe691fe3f201767ffd Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 10 Apr 2023 20:53:35 +0000 Subject: [PATCH 11/42] intro summary text --- spec.bs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/spec.bs b/spec.bs index 92e1eef7..0ce7b989 100644 --- a/spec.bs +++ b/spec.bs 
@@ -325,6 +325,12 @@ Issue: Fix the "indistinguishable" IDL bug with the unions above. Each {{FencedFrameConfig}} has a url, which is a string, initially null. TODO: flesh out {{FencedFrameConfig}} +A key feature of the <{fencedframe}> element is that web platform APIs can configure the behavior of the frame in a way that limits the ability of other execution contexts to modify or inspect this configuration, for security or privacy reasons. For example, the FLEDGE API (TODO:ref) performs on-device ad auctions over cross-site data, and it is important that the ad that wins the auction can be loaded into a frame, without the API caller knowing _which ad_ won the auction, or being able to manipulate the environment in which the ad loads. + +We achieve this using the concept of a "fenced frame config". A fenced frame config is a collection of fields that can be loaded into <{fencedframe}> elements and that specifies the resulting environments. Fenced frame configs can only be constructed by web platform APIs, not initialized or modified arbitrarily. Their fields also contain "visibilities" for different entities, which dictate whether the field should be "redacted" when inspected by particular execution contexts. Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a new "fenced frame config instance", which governs that particular context. + +We now establish some preliminary types: + A visibility is either "`opaque`" or "`transparent`". There are two kinds of [=fencedframeconfig/visibility=]: visibility to embedder and visibility to content. A fenced frame config is a struct with the following [=struct/items=]: From 166bff4e25471590ba60de263f1e3a963ca3f006 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 10 Apr 2023 21:18:24 +0000 Subject: [PATCH 12/42] change config instantiation formatting --- spec.bs | 61 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 18 deletions(-) 
diff --git a/spec.bs b/spec.bs index 0ce7b989..ad2baf73 100644 --- a/spec.bs +++ b/spec.bs @@ -333,6 +333,20 @@ We now establish some preliminary types: A visibility is either "`opaque`" or "`transparent`". There are two kinds of [=fencedframeconfig/visibility=]: visibility to embedder and visibility to content. +An interest group descriptor is TODO. + +An exhaustive set of sandbox flags is TODO. + +An exhaustive set of permissions is TODO. + +A fenced frame reporter is TODO. + +An exfiltration budget metadata is TODO. + +An embedder shared storage context is TODO. + +A partition nonce is TODO. + A fenced frame config is a struct with the following [=struct/items=]:
@@ -346,25 +360,25 @@ A fenced frame config is a struct with the following [=struct/ :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : interest group descriptor - :: null, or a struct containing an interest group descriptor (which is a struct containing an owner and a name), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframeconfig/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: null, or a struct containing a set of sandbox flags, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframeconfig/exhaustive set of sandbox flags=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective permissions - :: null, or a struct containing a set of permissions, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframeconfig/exhaustive set of permissions=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : fenced frame reporter - :: null, or a struct containing a fenced frame reporter, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframeconfig/fenced frame reporter=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : exfiltration budget metadata - :: null, or a struct containing an exfiltration budget metadata, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframeconfig/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to 
content=] : nested configs :: null, or a struct containing a sequence of [=fenced frame configs=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : embedder shared storage context - :: null, or an embedder shared storage context (which is a string) + :: null, or an [=fencedframeconfig/embedder shared storage context=]
@@ -406,29 +420,40 @@ A fenced frame config instance is a struct with the following
- In order to initialize a [=fenced frame config instance=] from a [=fenced frame config=], run these steps: + A [=fenced frame config instance=] is initialized from a [=fenced frame config=] as follows: - 1. Initialize [=fenced frame config instance/mapped url=] with [=fenced frame config/mapped url=] + : [=fenced frame config instance/mapped url=] + :: the [=fenced frame config=]'s [=fenced frame config/mapped url=] - 1. Initialize [=fenced frame config instance/container size=] with [=fenced frame config/container size=] + : [=fenced frame config instance/container size=] + :: the [=fenced frame config=]'s [=fenced frame config/container size=] - 1. Initialize [=fenced frame config instance/content size=] with [=fenced frame config/content size=] + : [=fenced frame config instance/content size=] + :: the [=fenced frame config=]'s [=fenced frame config/content size=] - 1. Initialize [=fenced frame config instance/interest group descriptor=] with [=fenced frame config/interest group descriptor=] + : [=fenced frame config instance/interest group descriptor=] + :: the [=fenced frame config=]'s [=fenced frame config/interest group descriptor=] - 1. Initialize [=fenced frame config instance/effective sandbox flags=] with [=fenced frame config/effective sandbox flags=] + : [=fenced frame config instance/effective sandbox flags=] + :: the [=fenced frame config=]'s [=fenced frame config/effective sandbox flags=] - 1. Initialize [=fenced frame config instance/effective permissions=] with [=fenced frame config/effective permissions=] + : [=fenced frame config instance/effective permissions=] + :: the [=fenced frame config=]'s [=fenced frame config/effective permissions=] - 1. TODO: fenced frame reporter + : TODO: fenced frame reporter + :: the [=fenced frame config=]'s - 1. TODO: budget metadata + : TODO: budget metadata + :: the [=fenced frame config=]'s - 1. 
If [=fenced frame config/nested configs=] is null, initialize [=fenced frame config instance/nested configs=] to null. Otherwise, initialize [=fenced frame config instance/nested configs=] with an [=ordered map=], where for each [=fenced frame config=] in [=fenced frame config/nested configs=], there is an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced frame config=]. TODO: copy over visibility values + : [=fenced frame config instance/nested configs=] + :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to null. Otherwise, set the [=fenced frame config instance/nested configs=] to an [=ordered map=], where for each [=fenced frame config=] in [=fenced frame config/nested configs=], there is an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced frame config=]. Copy the [=visibility/visibility to embedder=] from the [=fenced frame config=]'s [=fenced frame config/nested configs=]'s [=visibility/visibility to embedder=], and the [=visibility/visibility to content=] from the [=fenced frame config=]'s [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. - 1. Initialize [=fenced frame config instance/partition nonce=] with a random TODO(ref):partition nonce. + : [=fenced frame config instance/partition nonce=] + :: a random [=partition nonce=] - 1. Initialize [=fenced frame config instance/embedder shared storage context=] with [=fenced frame config/embedder shared storage context=]. + : [=fenced frame config instance/embedder shared storage context=] + :: the [=fenced frame config=]'s [=fenced frame config/embedder shared storage context=]
From 0d24a58e60c36ee7fe981ff4a89eeddd5a9d7d2a Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 10 Apr 2023 21:21:06 +0000 Subject: [PATCH 13/42] move TODO to github issue --- spec.bs | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec.bs b/spec.bs index ad2baf73..a2d3fd64 100644 --- a/spec.bs +++ b/spec.bs @@ -292,8 +292,6 @@ elements that the [=width=] and [=height=] dimension a Each [=traversable navigable=] has a fenced frame config mapping, a [=map=] mapping [=urn uuids=] to [=fenced frame config=] [=structs=]. -TODO: Set up the mapping so that it can be removed from the spec when urn iframes are gone? - Note: This mapping is consulted during [=navigate|navigation=], and written to by what we colloquially refer to as *URN-generating APIs* or *config-generating APIs*, that generate both [=urn uuids=] and [=fenced frame configs=] for use in navigating <{fencedframe}> and <{iframe}> elements. From 06ee8f5fbd107eccce39dc57a7e8c2331b0f06ad Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 10 Apr 2023 21:53:42 +0000 Subject: [PATCH 14/42] more --- spec.bs | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/spec.bs b/spec.bs index a2d3fd64..1a58f8b0 100644 --- a/spec.bs +++ b/spec.bs 
@@ -331,17 +331,21 @@ We now establish some preliminary types: A visibility is either "`opaque`" or "`transparent`". There are two kinds of [=fencedframeconfig/visibility=]: visibility to embedder and visibility to content. -An interest group descriptor is TODO. +A mapped url is TODO. -An exhaustive set of sandbox flags is TODO. +A size is TODO. -An exhaustive set of permissions is TODO. +An interest group descriptor is TODO. -A fenced frame reporter is TODO. +An exhaustive set of sandbox flags is TODO. -An exfiltration budget metadata is TODO. +An exhaustive set of permissions is TODO. -An embedder shared storage context is TODO. +A fenced frame reporter is TODO. + +An exfiltration budget metadata is TODO. + +An embedder shared storage context is TODO. A partition nonce is TODO. @@ -349,34 +353,34 @@ A fenced frame config is a struct with the following [=struct/
: mapped url - :: null, or a struct containing a url (which is a string), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/mapped url=] and a [=visibility/visibility to embedder=] : container size - :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to content=] : content size - :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to embedder=] : interest group descriptor - :: null, or a struct containing an [=fencedframeconfig/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: null, or a struct containing an [=fencedframeconfig/exhaustive set of sandbox flags=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective permissions - :: null, or a struct containing an [=fencedframeconfig/exhaustive set of permissions=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : fenced frame reporter - :: null, or a struct containing a 
[=fencedframeconfig/fenced frame reporter=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : exfiltration budget metadata - :: null, or a struct containing an [=fencedframeconfig/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs :: null, or a struct containing a sequence of [=fenced frame configs=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : embedder shared storage context - :: null, or an [=fencedframeconfig/embedder shared storage context=] + :: null, or an [=fencedframetype/embedder shared storage context=]
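Review bot: The mapped url, container size and content size entries each drop one of their two visibilities without saying what the dropped side defaults to, and the two sizes end up asymmetric: container size keeps only visibility to content, content size keeps only visibility to embedder. The redaction steps will need a defined answer for the party that no longer has a stored visibility, so state the implied value next to each definition (for example, that the mapped url is always transparent to content, if that is the intent). Also check that [=fencedframeconfig/visibility=] in the preliminary types still resolves now that every other type reference in this hunk uses the fencedframetype/ prefix.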
@@ -384,13 +388,13 @@ A fenced frame config instance is a struct with the following
: mapped url - :: null, or a struct containing a url (which is a string), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a url (which is a string) and a [=visibility/visibility to embedder=] : container size - :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a size (which is a width and a height) and a [=visibility/visibility to content=] : content size - :: null, or a struct containing a size (which is a width and a height), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a size (which is a width and a height) and a [=visibility/visibility to embedder=] : interest group descriptor :: null, or a struct containing an interest group descriptor (which is a struct containing an owner and a name), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] From ac16848027f673170878e7ec9dc0be99a744e5b7 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 11 Apr 2023 14:17:43 +0000 Subject: [PATCH 15/42] more --- spec.bs | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/spec.bs b/spec.bs index 1a58f8b0..a7c7fd2c 100644 --- a/spec.bs +++ b/spec.bs @@ -345,7 +345,7 @@ A fenced frame reporter is TODO. An exfiltration budget metadata is TODO. -An embedder shared storage context is TODO. +An embedder shared storage context is a string. A partition nonce is TODO. 
@@ -365,7 +365,7 @@ A fenced frame config is a struct with the following [=struct/ :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a [=visibility/visibility to embedder=] : effective permissions :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] @@ -377,7 +377,7 @@ A fenced frame config is a struct with the following [=struct/ :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: null, or a struct containing a sequence of [=fenced frame configs=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a sequence of [=fenced frame configs=] and a [=visibility/visibility to embedder=] : embedder shared storage context :: null, or an [=fencedframetype/embedder shared storage context=] @@ -388,37 +388,37 @@ A fenced frame config instance is a struct with the following
: mapped url - :: null, or a struct containing a url (which is a string) and a [=visibility/visibility to embedder=] + :: null, or a struct containing a [=fencedframetype/mapped url=] and a [=visibility/visibility to embedder=] : container size - :: null, or a struct containing a size (which is a width and a height) and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to content=] : content size - :: null, or a struct containing a size (which is a width and a height) and a [=visibility/visibility to embedder=] + :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to embedder=] : interest group descriptor - :: null, or a struct containing an interest group descriptor (which is a struct containing an owner and a name), a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: null, or a struct containing a set of sandbox flags, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a [=visibility/visibility to embedder=] : effective permissions - :: null, or a struct containing a set of permissions, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=] and a [=visibility/visibility to embedder=] : fenced frame reporter TODO: including automatic beacon info - :: null, or a struct containing a fenced frame reporter, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a 
[=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : exfiltration budget metadata - :: null, or a struct containing an exfiltration budget metadata, a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: null, or a struct containing a sequence of pairs of [=urn uuids] and [=fenced frame configs=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a sequence of pairs of [=urn uuids] and [=fenced frame configs=] and a [=visibility/visibility to embedder=] : partition nonce - :: a partition nonce + :: a [=partition nonce=] : embedder shared storage context - :: null, or an embedder shared storage context (which is a string) + :: null, or an [=fencedframetype/embedder shared storage context=]
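Review bot: In the instance struct, effective permissions now carries only a visibility to embedder, but the fenced frame config struct edited earlier in this patch still lists both visibilities for effective permissions (only effective sandbox flags and nested configs were narrowed there). The initialization text copies the config's effective permissions straight into the instance, so the two shapes should match: either narrow the config entry as well or keep visibility to content here. Separately, the new nested configs line has a broken autolink: [=urn uuids] is missing its closing =.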
@@ -442,17 +442,17 @@ A fenced frame config instance is a struct with the following : [=fenced frame config instance/effective permissions=] :: the [=fenced frame config=]'s [=fenced frame config/effective permissions=] - : TODO: fenced frame reporter - :: the [=fenced frame config=]'s + : [=fenced frame config instance/fenced frame reporter=] + :: the [=fenced frame config=]'s TODO - : TODO: budget metadata - :: the [=fenced frame config=]'s + : [=fenced frame config instance/exfiltration budget metadata=] + :: the [=fenced frame config=]'s TODO : [=fenced frame config instance/nested configs=] :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to null. Otherwise, set the [=fenced frame config instance/nested configs=] to an [=ordered map=], where for each [=fenced frame config=] in [=fenced frame config/nested configs=], there is an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced frame config=]. Copy the [=visibility/visibility to embedder=] from the [=fenced frame config=]'s [=fenced frame config/nested configs=]'s [=visibility/visibility to embedder=], and the [=visibility/visibility to content=] from the [=fenced frame config=]'s [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. : [=fenced frame config instance/partition nonce=] - :: a random [=partition nonce=] + :: a random [=partition nonce=] (TODO) : [=fenced frame config instance/embedder shared storage context=] :: the [=fenced frame config=]'s [=fenced frame config/embedder shared storage context=] From 98aa564983347623c1e4cfba796691e92621305e Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 11 Apr 2023 14:25:55 +0000 Subject: [PATCH 16/42] fix compile error? --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index a7c7fd2c..e8a0cd02 100644 --- a/spec.bs +++ b/spec.bs 
@@ -421,7 +421,7 @@ A fenced frame config instance is a struct with the following :: null, or an [=fencedframetype/embedder shared storage context=]
-
+
A [=fenced frame config instance=] is initialized from a [=fenced frame config=] as follows: : [=fenced frame config instance/mapped url=] From 214e86befd44e509bfc6546f0b62ea1655c93866 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 11 Apr 2023 19:45:19 +0000 Subject: [PATCH 17/42] 100 max column width --- spec.bs | 87 ++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 64 insertions(+), 23 deletions(-) diff --git a/spec.bs b/spec.bs index e8a0cd02..2e774724 100644 --- a/spec.bs +++ b/spec.bs 
@@ -323,13 +323,28 @@ Issue: Fix the "indistinguishable" IDL bug with the unions above. Each {{FencedFrameConfig}} has a url, which is a string, initially null. TODO: flesh out {{FencedFrameConfig}} -A key feature of the <{fencedframe}> element is that web platform APIs can configure the behavior of the frame in a way that limits the ability of other execution contexts to modify or inspect this configuration, for security or privacy reasons. For example, the FLEDGE API (TODO:ref) performs on-device ad auctions over cross-site data, and it is important that the ad that wins the auction can be loaded into a frame, without the API caller knowing _which ad_ won the auction, or being able to manipulate the environment in which the ad loads. - -We achieve this using the concept of a "fenced frame config". A fenced frame config is a collection of fields that can be loaded into <{fencedframe}> elements and that specifies the resulting environments. Fenced frame configs can only be constructed by web platform APIs, not initialized or modified arbitrarily. Their fields also contain "visibilities" for different entities, which dictate whether the field should be "redacted" when inspected by particular execution contexts. Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a new "fenced frame config instance", which governs that particular context. +A key feature of the <{fencedframe}> element is that web platform APIs can configure the behavior +of the frame in a way that limits the ability of other execution contexts to modify or inspect this +configuration, for security or privacy reasons. For example, the FLEDGE API (TODO:ref) performs +on-device ad auctions over cross-site data, and it is important that the ad that wins the auction +can be loaded into a frame, without the API caller knowing which ad won the auction or being able +to manipulate the environment in which the ad loads. 
+ +We achieve this using the concept of a "fenced frame config". A fenced frame config is a collection +of fields that can be loaded into <{fencedframe}> elements and that specifies the resulting +environments. Fenced frame configs can only be constructed by web platform APIs, not initialized +or modified arbitrarily. Their fields also contain "visibilities" for different entities, which +dictate whether the field should be "redacted" when inspected by particular execution contexts. +Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a +new "fenced frame config instance", which governs that particular context. We now establish some preliminary types: -A visibility is either "`opaque`" or "`transparent`". There are two kinds of [=fencedframeconfig/visibility=]: visibility to embedder and visibility to content. +A visibility is either +"`opaque`" or "`transparent`". +There are two kinds of [=fencedframeconfig/visibility=]: +visibility to embedder and +visibility to content. A mapped url is TODO. @@ -353,31 +368,40 @@ A fenced frame config is a struct with the following [=struct/
: mapped url - :: null, or a struct containing a [=fencedframetype/mapped url=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing a [=fencedframetype/mapped url=] and a + [=visibility/visibility to embedder=] : container size - :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/size=] and a + [=visibility/visibility to content=] : content size - :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing a [=fencedframetype/size=] and a + [=visibility/visibility to embedder=] : interest group descriptor - :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a + [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a + [=visibility/visibility to embedder=] : effective permissions - :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=], a + [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : fenced frame reporter - :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a + 
[=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : exfiltration budget metadata - :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a + [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: null, or a struct containing a sequence of [=fenced frame configs=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing a sequence of [=fenced frame configs=] and a + [=visibility/visibility to embedder=] : embedder shared storage context :: null, or an [=fencedframetype/embedder shared storage context=] @@ -388,31 +412,40 @@ A fenced frame config instance is a struct with the following
: mapped url - :: null, or a struct containing a [=fencedframetype/mapped url=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing a [=fencedframetype/mapped url=] and a + [=visibility/visibility to embedder=] : container size - :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/size=] and a + [=visibility/visibility to content=] : content size - :: null, or a struct containing a [=fencedframetype/size=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing a [=fencedframetype/size=] and a + [=visibility/visibility to embedder=] : interest group descriptor - :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a + [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : effective sandbox flags - :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a + [=visibility/visibility to embedder=] : effective permissions - :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=] and a + [=visibility/visibility to embedder=] : fenced frame reporter TODO: including automatic beacon info - :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a + [=visibility/visibility to embedder=], and a 
[=visibility/visibility to content=] : exfiltration budget metadata - :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a + [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: null, or a struct containing a sequence of pairs of [=urn uuids] and [=fenced frame configs=] and a [=visibility/visibility to embedder=] + :: null, or a struct containing a sequence of pairs of [=urn uuids] and [=fenced frame configs=] + and a [=visibility/visibility to embedder=] : partition nonce :: a [=partition nonce=] 
@@ -449,7 +482,15 @@ A fenced frame config instance is a struct with the following :: the [=fenced frame config=]'s TODO : [=fenced frame config instance/nested configs=] - :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to null. Otherwise, set the [=fenced frame config instance/nested configs=] to an [=ordered map=], where for each [=fenced frame config=] in [=fenced frame config/nested configs=], there is an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced frame config=]. Copy the [=visibility/visibility to embedder=] from the [=fenced frame config=]'s [=fenced frame config/nested configs=]'s [=visibility/visibility to embedder=], and the [=visibility/visibility to content=] from the [=fenced frame config=]'s [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. + :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to + null. Otherwise, set the [=fenced frame config instance/nested configs=] to an + [=ordered map=], where for each [=fenced frame config=] in + [=fenced frame config/nested configs=], there is an entry where the key is a randomly + sampled [=urn uuid=] and the value is the [=fenced frame config=]. Copy the + [=visibility/visibility to embedder=] from the [=fenced frame config=]'s + [=fenced frame config/nested configs=]'s [=visibility/visibility to embedder=], and the + [=visibility/visibility to content=] from the [=fenced frame config=]'s + [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. : [=fenced frame config instance/partition nonce=] :: a random [=partition nonce=] (TODO) From e86d78a0a0afc0bf6f73615aa09ecab71a187ced Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Wed, 12 Apr 2023 18:09:44 +0000 Subject: [PATCH 18/42] elaborate on fenced frame config mapping --- spec.bs | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) 
diff --git a/spec.bs b/spec.bs index 2e774724..94d60974 100644 --- a/spec.bs +++ b/spec.bs @@ -287,10 +287,11 @@ href="https://html.spec.whatwg.org/multipage/embedded-content-other.html#dimensi attributes section. This section will be updated to include <{fencedframe}> in the list of elements that the [=width=] and [=height=] dimension attributes apply to. -

Configuration mapping

+

Fenced frame config mapping

Each [=traversable navigable=] has a fenced frame config -mapping, a [=map=] mapping [=urn uuids=] to [=fenced frame config=] [=structs=]. +mapping. At a high level, this object maps [=urn uuids=] to [=fenced frame config=] +[=structs=]. Note: This mapping is consulted during [=navigate|navigation=], and written to by what we colloquially refer to as *URN-generating APIs* or *config-generating APIs*, that generate both [=urn @@ -298,6 +299,38 @@ uuids=] and [=fenced frame configs=] for use in navigating <{fencedframe}> and < See for example, the FLEDGE and Shared Storage specifications. +Each [=traversable navigable/fenced frame config mapping=] has a +maximum number of configs, which is +implementation-defined. The [=maximum number of configs=] may be a nonnegative number or infinity. + +Note: It is important to specify the behavior of [=maximum number of configs=] because its +semantics can interact with config-generating APIs in a privacy sensitive way. + +The [=traversable navigable/fenced frame config mapping=] actually consists of two submappings: +
+ : pending fenced frame config mapping + :: a [=map=] from [=urn uuids=] to tuples of [=fenced frame configs=] and TODO: callbacks + + : finalized fenced frame config mapping + :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] +
+ +At a high level, in order to store a config in the +[=traversable navigable/fenced frame config mapping=], one must first store a pending config, and +then turn the pending config into a finalized config. Those procedures are as follows: + +
+ In order to store a [=fenced frame config=] into the [=pending fenced frame config mapping=], run these steps: + + 1. TODO +
+ +
+ In order to store a [=fenced frame config=] into the [=finalized fenced frame config mapping=], run these steps: + + 1. TODO +
+

The {{FencedFrameConfig}} interface

One major input to the <{fencedframe}> element is the {{FencedFrameConfig}} interface, which @@ -454,7 +487,7 @@ A fenced frame config instance is a struct with the following :: null, or an [=fencedframetype/embedder shared storage context=]
-
+
A [=fenced frame config instance=] is initialized from a [=fenced frame config=] as follows: : [=fenced frame config instance/mapped url=] From 4a2d08eae431f58ebb06daa72a98513fea6c98a6 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Wed, 12 Apr 2023 19:23:40 +0000 Subject: [PATCH 19/42] describe fenced frame config mapping --- spec.bs | 49 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 9 deletions(-) diff --git a/spec.bs b/spec.bs index 94d60974..b75ca289 100644 --- a/spec.bs +++ b/spec.bs @@ -301,34 +301,65 @@ href=https://wicg.github.io/shared-storage/>Shared Storage specifications. Each [=traversable navigable/fenced frame config mapping=] has a maximum number of configs, which is -implementation-defined. The [=maximum number of configs=] may be a nonnegative number or infinity. +implementation-defined. The [=fenced frame config mapping/maximum number of configs=] may be a +nonnegative number or infinity. -Note: It is important to specify the behavior of [=maximum number of configs=] because its -semantics can interact with config-generating APIs in a privacy sensitive way. +Note: It is important to specify the behavior of +[=fenced frame config mapping/maximum number of configs=] because its semantics can interact with +config-generating APIs in a privacy sensitive way. The [=traversable navigable/fenced frame config mapping=] actually consists of two submappings:
: pending fenced frame config mapping - :: a [=map=] from [=urn uuids=] to tuples of [=fenced frame configs=] and TODO: callbacks + :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] : finalized fenced frame config mapping :: a [=map=] from [=urn uuids=] to [=fenced frame configs=]
-At a high level, in order to store a config in the +At a high level, in order to store a [=fenced frame config=] in the [=traversable navigable/fenced frame config mapping=], one must first store a pending config, and then turn the pending config into a finalized config. Those procedures are as follows:
- In order to store a [=fenced frame config=] into the [=pending fenced frame config mapping=], run these steps: + In order to store a [=fenced frame config=] into the + [=fenced frame config mapping/pending fenced frame config mapping=], run these steps: - 1. TODO + 1. If the size of the [=fenced frame config mapping/pending fenced frame config mapping=] + the + size of the [=fenced frame config mapping/finalized fenced frame config mapping=] meets or + exceeds the [=fenced frame config mapping/maximum number of configs=], return failure. + + 1. Randomly generate a [=urn uuid=], and insert into the [=fenced frame config mapping/pending + fenced frame config mapping=] an entry with the key [=urn uuid=] and the value + [=fenced frame config=].
- In order to store a [=fenced frame config=] into the [=finalized fenced frame config mapping=], run these steps: + In order to store a pending [=fenced frame config=] at a [=urn uuid=] into the + [=fenced frame config mapping/finalized fenced frame config mapping=], run these steps: - 1. TODO + 1. If the [=urn uuid=] is not present in the + [=fenced frame config mapping/pending fenced frame config mapping=], return failure. + + 1. Remove the entry keyed by the [=urn uuid=] in the + [=fenced frame config mapping/pending fenced frame config mapping=], and insert into the + [=fenced frame config mapping/finalized fenced frame config mapping=] an entry with the key + [=urn uuid=] and the value [=fenced frame config=]. +
+ +
+ In order to look up a [=fenced frame config=] at a [=urn uuid=] in the + [=traversable navigable/fenced frame config mapping=] for navigation, run these steps: + + 1. If the [=urn uuid=] is present in the + [=fenced frame config mapping/pending fenced frame config mapping=], wait until it is no + longer present. + + 1. If the [=urn uuid=] is not present in the + [=fenced frame config mapping/finalized fenced frame config mapping=], return failure. + + 1. Return the value keyed by the [=urn uuid=] in the + [=fenced frame config mapping/finalized fenced frame config mapping=].

The {{FencedFrameConfig}} interface
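Review bot: In the look-up steps, "wait until it is no longer present" can stall a navigation indefinitely, because the only procedure that removes a pending entry is the finalize one and nothing covers a pending config that is abandoned or fails. Add a procedure that discards a pending entry and say what look-up returns in that case (failure seems right), and say whether the wait happens in parallel. Two smaller gaps in the store procedures: the pending store generates the [=urn uuid=] but never returns it, so the caller has nothing to pass to the finalize steps, and the finalize step inserts "the value [=fenced frame config=]" without saying it is the value of the entry it just removed. Since the note above calls the maximum number of configs privacy sensitive, it would also help to say how the "return failure" in the first step is surfaced to the config-generating API.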

From 3269b8318af867cef375e1fc104d72afee496854 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Wed, 12 Apr 2023 19:26:08 +0000 Subject: [PATCH 20/42] fix urn uuids] --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index b75ca289..12a70c26 100644 --- a/spec.bs +++ b/spec.bs @@ -508,7 +508,7 @@ A fenced frame config instance is a struct with the following [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs - :: null, or a struct containing a sequence of pairs of [=urn uuids] and [=fenced frame configs=] + :: null, or a struct containing a sequence of pairs of [=urn uuids=] and [=fenced frame configs=] and a [=visibility/visibility to embedder=] : partition nonce From cb828dc655de5f6f541bd3b3ab1836a9b2deba68 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Wed, 12 Apr 2023 20:31:47 +0000 Subject: [PATCH 21/42] update algorithm def --- spec.bs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/spec.bs b/spec.bs index 12a70c26..7de7a15e 100644 --- a/spec.bs +++ b/spec.bs @@ -321,9 +321,9 @@ At a high level, in order to store a [=fenced frame config=] in the [=traversable navigable/fenced frame config mapping=], one must first store a pending config, and then turn the pending config into a finalized config. Those procedures are as follows: -
- In order to store a [=fenced frame config=] into the - [=fenced frame config mapping/pending fenced frame config mapping=], run these steps: +
+ In order to store a [=fenced frame config=] into the + [=fenced frame config mapping/pending fenced frame config mapping=], run these steps: 1. If the size of the [=fenced frame config mapping/pending fenced frame config mapping=] + the size of the [=fenced frame config mapping/finalized fenced frame config mapping=] meets or @@ -334,9 +334,9 @@ then turn the pending config into a finalized config. Those procedures are as fo [=fenced frame config=].
-
- In order to store a pending [=fenced frame config=] at a [=urn uuid=] into the - [=fenced frame config mapping/finalized fenced frame config mapping=], run these steps: +
+ In order to store a pending [=fenced frame config=] at a [=urn uuid=] into the + [=fenced frame config mapping/finalized fenced frame config mapping=], run these steps: 1. If the [=urn uuid=] is not present in the [=fenced frame config mapping/pending fenced frame config mapping=], return failure. @@ -347,9 +347,9 @@ then turn the pending config into a finalized config. Those procedures are as fo [=urn uuid=] and the value [=fenced frame config=].
-
- In order to look up a [=fenced frame config=] at a [=urn uuid=] in the - [=traversable navigable/fenced frame config mapping=] for navigation, run these steps: +
+ In order to look up a [=fenced frame config=] at a [=urn uuid=] in the + [=traversable navigable/fenced frame config mapping=] for navigation, run these steps: 1. If the [=urn uuid=] is present in the [=fenced frame config mapping/pending fenced frame config mapping=], wait until it is no @@ -563,8 +563,8 @@ A fenced frame config instance is a struct with the following :: the [=fenced frame config=]'s [=fenced frame config/embedder shared storage context=]
-
- In order to redact a [=fenced frame config=], run these steps: +
+ In order to redact a [=fenced frame config=], run these steps: 1. TODO
From d417e29ddb7d5c7524c9745628859cce71a5959c Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 15:19:05 +0000 Subject: [PATCH 22/42] add error check boilerplate for window.fence apis --- spec.bs | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index 7de7a15e..c7711324 100644 --- a/spec.bs +++ b/spec.bs @@ -391,7 +391,7 @@ A key feature of the <{fencedframe}> element is that web platform APIs can confi of the frame in a way that limits the ability of other execution contexts to modify or inspect this configuration, for security or privacy reasons. For example, the FLEDGE API (TODO:ref) performs on-device ad auctions over cross-site data, and it is important that the ad that wins the auction -can be loaded into a frame, without the API caller knowing which ad won the auction or being able +can be loaded into a frame, without the API caller knowing *which ad* won the auction or being able to manipulate the environment in which the ad loads. We achieve this using the concept of a "fenced frame config". A fenced frame config is a collection @@ -601,18 +601,48 @@ A fenced frame config instance is a struct with the following
The reportEvent(event) method steps are: + 1. Let *instance* be this [=traversable navigable=]'s [=fenced frame config instance=]. + + 1. If *instance* is null, then return. + + 1. If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is + unspecified. + + 1. If this [=document=]'s [=origin=] and *instance*'s + [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. + 1. Fill this out!
The setReportEventDataForAutomaticBeacons(event) method steps are: + 1. Let *instance* be this [=traversable navigable=]'s [=fenced frame config instance=]. + + 1. If *instance* is null, then return. + + 1. If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is + unspecified. + + 1. If this [=document=]'s [=origin=] and *instance*'s + [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. + 1. Fill this out!
The getNestedConfigs() method steps are: + 1. Let *instance* be this [=traversable navigable=]'s [=fenced frame config instance=]. + + 1. If *instance* is null, then return. + + 1. If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is + unspecified. + + 1. If this [=document=]'s [=origin=] and *instance*'s + [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. + 1. Fill this out!
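Review bot: In all three method bodies, the step "If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified" leaves a normative algorithm without a defined outcome, and the following step then reads the origin of that null url. Pick an outcome (for example "then return", matching the neighbouring checks) so implementations cannot diverge on the step that gates the same-origin check. In getNestedConfigs() the bare "then return" steps also need a stated return value, since the method name promises a result. The four identical steps could live in one shared algorithm that each method invokes.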
From 218fdd1ac4002279175533577dde82f9636f554d Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 16:20:11 +0000 Subject: [PATCH 23/42] finish description of getNestedConfigs --- spec.bs | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index c7711324..a494cb8e 100644 --- a/spec.bs +++ b/spec.bs @@ -384,6 +384,13 @@ maps to an internal [=fenced frame config=] [=struct=]. Issue: Fix the "indistinguishable" IDL bug with the unions above. +
+ In order to lift a [=urn uuid=] and [=fenced frame config=] into a + {{FencedFrameConfig}}, run these steps: + + 1. TODO +
+ Each {{FencedFrameConfig}} has a url, which is a string, initially null. TODO: flesh out {{FencedFrameConfig}} @@ -471,7 +478,6 @@ A fenced frame config is a struct with the following [=struct/ :: null, or an [=fencedframetype/embedder shared storage context=]
- A fenced frame config instance is a struct with the following [=struct/items=]:
@@ -643,7 +649,14 @@ A fenced frame config instance is a struct with the following 1. If this [=document=]'s [=origin=] and *instance*'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. - 1. Fill this out! + 1. Let *results* be a sequence of {{FencedFrameConfig}}s. + + 1. For each [=urn uuid=] *urn* and [=fenced frame config=] *config* in *instance*'s + [=fenced frame config instance/nested configs=]: + 1. Redact *config* for the embedder (TODO:ref), into *redacted config*. + 2. Lift *urn* and *redacted config* into a {{FencedFrameConfig}}, and append it to *results*. + + 1. Return *results*.

New [=request=] [=request/destination=]
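Review bot: The new loop in getNestedConfigs() iterates *instance*'s [=fenced frame config instance/nested configs=] with no step for the case where nested configs is null, so add a null check with a defined return value before "Let *results* be a sequence of {{FencedFrameConfig}}s." The result also rests on two algorithms that are still placeholders in this patch (lift is "1. TODO", and redact is referenced as "TODO:ref"); because redaction is the step that applies visibility before anything is handed to script, an Issue: line recording that dependency would help. The two sub-steps are numbered "1." and "2." while the other lists use "1." throughout.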

From 51b819e49544a13c0c75ca9e09fa78df4f495db4 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 16:36:33 +0000 Subject: [PATCH 24/42] add nested config mapping --- spec.bs | 51 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 16 deletions(-) diff --git a/spec.bs b/spec.bs index a494cb8e..902aa25a 100644 --- a/spec.bs +++ b/spec.bs @@ -308,12 +308,15 @@ Note: It is important to specify the behavior of [=fenced frame config mapping/maximum number of configs=] because its semantics can interact with config-generating APIs in a privacy sensitive way. -The [=traversable navigable/fenced frame config mapping=] actually consists of two submappings: +The [=traversable navigable/fenced frame config mapping=] actually consists of three submappings:
- : pending fenced frame config mapping + : pending config mapping :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] - : finalized fenced frame config mapping + : finalized config mapping + :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] + + : nested config mapping :: a [=map=] from [=urn uuids=] to [=fenced frame configs=]
@@ -323,43 +326,59 @@ then turn the pending config into a finalized config. Those procedures are as fo
In order to store a [=fenced frame config=] into the - [=fenced frame config mapping/pending fenced frame config mapping=], run these steps: + [=fenced frame config mapping/pending config mapping=], run these steps: - 1. If the size of the [=fenced frame config mapping/pending fenced frame config mapping=] + the - size of the [=fenced frame config mapping/finalized fenced frame config mapping=] meets or + 1. If the size of the [=fenced frame config mapping/pending config mapping=] + the + size of the [=fenced frame config mapping/finalized config mapping=] meets or exceeds the [=fenced frame config mapping/maximum number of configs=], return failure. 1. Randomly generate a [=urn uuid=], and insert into the [=fenced frame config mapping/pending - fenced frame config mapping=] an entry with the key [=urn uuid=] and the value + config mapping=] an entry with the key [=urn uuid=] and the value [=fenced frame config=].
In order to store a pending [=fenced frame config=] at a [=urn uuid=] into the - [=fenced frame config mapping/finalized fenced frame config mapping=], run these steps: + [=fenced frame config mapping/finalized config mapping=], run these steps: 1. If the [=urn uuid=] is not present in the - [=fenced frame config mapping/pending fenced frame config mapping=], return failure. + [=fenced frame config mapping/pending config mapping=], return failure. 1. Remove the entry keyed by the [=urn uuid=] in the - [=fenced frame config mapping/pending fenced frame config mapping=], and insert into the - [=fenced frame config mapping/finalized fenced frame config mapping=] an entry with the key + [=fenced frame config mapping/pending config mapping=], and insert into the + [=fenced frame config mapping/finalized config mapping=] an entry with the key [=urn uuid=] and the value [=fenced frame config=].
+
+ In order to store [=fenced frame config instance/nested configs=] into the + [=fenced frame config mapping/nested config mapping=], run these steps: + + 1. If [=fenced frame config instance/nested configs=] is null, return. + + 1. For each [=urn uuid=] *urn* and [=fenced frame config=] *config* in the + [=fenced frame config instance/nested configs=]: + + 1. Insert an entry into the [=fenced frame config mapping/nested config mapping=] with key + *urn* and value *config*. +
+ +
In order to look up a [=fenced frame config=] at a [=urn uuid=] in the [=traversable navigable/fenced frame config mapping=] for navigation, run these steps: 1. If the [=urn uuid=] is present in the - [=fenced frame config mapping/pending fenced frame config mapping=], wait until it is no + [=fenced frame config mapping/nested config mapping=], return its value. + + 1. If the [=urn uuid=] is present in the + [=fenced frame config mapping/pending config mapping=], wait until it is no longer present. - 1. If the [=urn uuid=] is not present in the - [=fenced frame config mapping/finalized fenced frame config mapping=], return failure. + 1. If the [=urn uuid=] is present in the + [=fenced frame config mapping/finalized config mapping=], return its value. - 1. Return the value keyed by the [=urn uuid=] in the - [=fenced frame config mapping/finalized fenced frame config mapping=]. + 1. Return failure.

The {{FencedFrameConfig}} interface
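Review bot: In the "store a [=fenced frame config=] into the pending config mapping" steps, the limit check still adds only the pending and finalized sizes, so entries written by the new "store nested configs" steps are not counted against the [=fenced frame config mapping/maximum number of configs=] and nothing else bounds the nested config mapping. Given the note above that this maximum is privacy sensitive, say explicitly whether nested entries count. The nested insert also overwrites silently and the look-up now consults the nested config mapping first, so state what happens when a *urn* already exists in one of the other two submappings.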

From 767a34189bbe96d9099f01cd0a313c173f22f033 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 18:51:29 +0000 Subject: [PATCH 25/42] boilerplate for reportevent and automatic beacons --- spec.bs | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 902aa25a..09e7c749 100644 --- a/spec.bs +++ b/spec.bs @@ -448,6 +448,24 @@ An exhaustive set of permissions is TODO. A fenced frame reporter is TODO. +
+ In order to report an event, run these steps: + + 1. TODO +
+ +
+ In order to report a private aggregation event, run these steps: + + 1. TODO +
+ +
+ In order to set automatic beacon data, run these steps: + + 1. TODO +
+ An exfiltration budget metadata is TODO. An embedder shared storage context is a string. @@ -636,7 +654,11 @@ A fenced frame config instance is a struct with the following 1. If this [=document=]'s [=origin=] and *instance*'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. - 1. Fill this out! + 1. If *event* is a `DOMString`, run [=report a private aggregation event=] with *event* and + *instance*'s [=fenced frame config instance/fenced frame reporter=]. + + 1. If *event* is a `FenceEvent`, run [=report an event=] with *event* and *instance*'s + [=fenced frame config instance/fenced frame reporter=].
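Review bot: In the reportEvent() hunk, both new steps pass *instance*'s [=fenced frame config instance/fenced frame reporter=] to the reporting algorithms without checking it for null, while setReportEventDataForAutomaticBeacons() in this same patch gets "If *instance*'s [=fenced frame config instance/fenced frame reporter=] is null, then return." Add the same guard before the `DOMString` branch. The two "If *event* is a ..." steps are also not written as exhaustive; an "Otherwise" branch or an assert would make it clear that no other type reaches this point.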
@@ -652,7 +674,10 @@ A fenced frame config instance is a struct with the following 1. If this [=document=]'s [=origin=] and *instance*'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. - 1. Fill this out! + 1. If *instance*'s [=fenced frame config instance/fenced frame reporter=] is null, then return. + + 1. Run [=set automatic beacon data=] with *event* and *instance*'s + [=fenced frame config instance/fenced frame reporter=].
@@ -668,6 +693,8 @@ A fenced frame config instance is a struct with the following 1. If this [=document=]'s [=origin=] and *instance*'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. + 1. If *instance*'s [=fenced frame config instance/nested configs=] is null, then return. + 1. Let *results* be a sequence of {{FencedFrameConfig}}s. 1. For each [=urn uuid=] *urn* and [=fenced frame config=] *config* in *instance*'s From f388f395d37897667059b0877821d24dee1431d2 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 22:55:41 +0000 Subject: [PATCH 26/42] update Fence getter + blurb --- spec.bs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec.bs b/spec.bs index 09e7c749..719244d1 100644 --- a/spec.bs +++ b/spec.bs @@ -614,7 +614,7 @@ A fenced frame config instance is a struct with the following

The {{Fence}} interface

-Describe this infrastructure in detail. +Several APIs specific to fenced frames are defined on the {{Fence}} interface.
   enum FenceReportingDestination {
@@ -810,8 +810,8 @@ Each {{Window}} object has an associated fence, which is a
 
 
The fence getter steps are: - 1. If [=this=]'s [=Window/navigable=]'s [=navigable/loading mode=] is "`fencedframe`", return - [=this=]'s [=Window/fence=]. + 1. If [=this=]'s [=Window/navigable=]'s [=fenced frame config instance=] is not null, then + return [=this=]'s [=Window/fence=]. 1. Return null.
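Review bot: The new getter condition reads the [=fenced frame config instance=] from [=this=]'s [=Window/navigable=], but the Fence method steps take it from "this [=traversable navigable=]'s [=fenced frame config instance=]". Name the same owner in both places (for example the navigable's traversable navigable). As written it is unclear whether a document in a child navigable inside the frame sees a non-null `fence` or null.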
From fb0c9d92bd0ae5533d981a8a4450bac3050c67be Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 23:25:23 +0000 Subject: [PATCH 27/42] add some types and format todos --- spec.bs | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/spec.bs b/spec.bs index 719244d1..bc72e712 100644 --- a/spec.bs +++ b/spec.bs @@ -407,7 +407,7 @@ Issue: Fix the "indistinguishable" IDL bug with the unions above. In order to lift a [=urn uuid=] and [=fenced frame config=] into a {{FencedFrameConfig}}, run these steps: - 1. TODO + 1. TODO: Fill this in
Each {{FencedFrameConfig}} has a url, which is a string, initially @@ -430,47 +430,51 @@ new "fenced frame config instance", which governs that particular context. We now establish some preliminary types: -A visibility is either -"`opaque`" or "`transparent`". -There are two kinds of [=fencedframeconfig/visibility=]: -visibility to embedder and +A visibility is either " +`opaque`" or "`transparent`". There are two kinds of +[=fencedframeconfig/visibility=]: visibility to embedder and visibility to content. -A mapped url is TODO. +A mapped url is a [=url=]. TODO: Stipulate a +url with particular schemes? -A size is TODO. +A size is a struct with non-negative integer width and non-negative integer height. +TODO: Maybe change the numeric type. -An interest group descriptor is TODO. +An interest group descriptor is a struct with owner, which is a string, and name, which is a string. -An exhaustive set of sandbox flags is TODO. +An exhaustive set of sandbox flags is TODO: Specify the type for this. -An exhaustive set of permissions is TODO. +An exhaustive set of permissions is TODO: Specify the type for this. -A fenced frame reporter is TODO. +A fenced frame reporter is TODO: Specify the type for this.
In order to report an event, run these steps: - 1. TODO + 1. TODO: fill this in
In order to report a private aggregation event, run these steps: - 1. TODO + 1. TODO: Fill this in
In order to set automatic beacon data, run these steps: - 1. TODO + 1. TODO: Fill this in
-An exfiltration budget metadata is TODO. +An exfiltration budget metadata is TODO: Specify the type for this. An embedder shared storage context is a string. -A partition nonce is TODO. +A partition nonce is TODO: Specify the type for this. A fenced frame config is a struct with the following [=struct/items=]: @@ -583,10 +587,10 @@ A fenced frame config instance is a struct with the following :: the [=fenced frame config=]'s [=fenced frame config/effective permissions=] : [=fenced frame config instance/fenced frame reporter=] - :: the [=fenced frame config=]'s TODO + :: the [=fenced frame config=]'s TODO: Fill this in : [=fenced frame config instance/exfiltration budget metadata=] - :: the [=fenced frame config=]'s TODO + :: the [=fenced frame config=]'s TODO: Fill this in : [=fenced frame config instance/nested configs=] :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to @@ -600,7 +604,7 @@ A fenced frame config instance is a struct with the following [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. : [=fenced frame config instance/partition nonce=] - :: a random [=partition nonce=] (TODO) + :: a random [=partition nonce=] TODO: Specify what this means : [=fenced frame config instance/embedder shared storage context=] :: the [=fenced frame config=]'s [=fenced frame config/embedder shared storage context=] @@ -609,7 +613,7 @@ A fenced frame config instance is a struct with the following
In order to redact a [=fenced frame config=], run these steps: - 1. TODO + 1. TODO: Fill this in

The {{Fence}} interface
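Review bot: "A mapped url is a [=url=]" leaves the scheme question as a TODO, but the Fence method steps compare this [=document=]'s [=origin=] with the mapped url's origin, and a url whose origin is opaque can never pass that same-origin check. Deciding the allowed schemes here would settle that case. Likewise "a random [=partition nonce=] TODO: Specify what this means" should state the properties the nonce must have (unique per instance, not exposed to script), if that is the intent. The placeholder wording is inconsistent within the patch ("TODO: fill this in" next to "TODO: Fill this in").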

From 82cba6114f4c56af80e2799a0e8159d6b202b1be Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 23:27:50 +0000 Subject: [PATCH 28/42] fix reportevent --- spec.bs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec.bs b/spec.bs index bc72e712..db94b1e1 100644 --- a/spec.bs +++ b/spec.bs @@ -658,6 +658,8 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If this [=document=]'s [=origin=] and *instance*'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. + 1. If *instance*'s [=fenced frame config instance/fenced frame reporter=] is null, then return. + 1. If *event* is a `DOMString`, run [=report a private aggregation event=] with *event* and *instance*'s [=fenced frame config instance/fenced frame reporter=]. From eff00929ddf8d66c1d936404b65331fa95337b40 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 13 Apr 2023 23:59:49 +0000 Subject: [PATCH 29/42] elaborate on exfiltration budget metadata --- spec.bs | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/spec.bs b/spec.bs index db94b1e1..1ff14f50 100644 --- a/spec.bs +++ b/spec.bs @@ -470,7 +470,16 @@ A fenced frame reporter is TODO: Fill this in
-An exfiltration budget metadata is TODO: Specify the type for this. +An exfiltration budget metadata is a struct containing an +origin, which is an [=origin=]; and an amount to debit, which is a non-negative valid +floating point number TODO: ref to float. + +An exfiltration budget metadata reference is a struct +containing an origin, which is an +[=origin=]; and an amount to debit +reference, which is a mutable reference to a non-negative valid floating point number. +TODO: are mutable references a thing in spec? An embedder shared storage context is a string. @@ -550,8 +559,8 @@ A fenced frame config instance is a struct with the following :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] - : exfiltration budget metadata - :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a + : exfiltration budget metadata reference + :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata reference=], a [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] : nested configs 
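Review bot: "amount to debit reference" is introduced as "a mutable reference to a non-negative valid floating point number" while the patch's own TODO asks whether specs have mutable references. What needs stating is the sharing semantics, presumably that every instance created from one config debits the same stored amount. It would be clearer to keep a single exfiltration budget metadata struct on the config and have the instance hold that struct itself, rather than a reference to one of its fields. Also say what happens when a debit would take the non-negative amount below zero.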
@@ -589,8 +598,19 @@ A fenced frame config instance is a struct with the following : [=fenced frame config instance/fenced frame reporter=] :: the [=fenced frame config=]'s TODO: Fill this in - : [=fenced frame config instance/exfiltration budget metadata=] - :: the [=fenced frame config=]'s TODO: Fill this in + : [=fenced frame config instance/exfiltration budget metadata reference=] + :: If the [=fenced frame config=]'s [=fenced frame config/exfiltration budget metadata=] is + null, set to null. Otherwise, set the [=fenced frame config instance/exfiltration budget + metadata reference=] to an [=fencedframetype/exfiltration budget metadata reference=] where + the [=exfiltration budget metadata reference/origin=] is the [=fenced frame config=]'s + [=fenced frame config/exfiltration budget metadata=]'s [=exfiltration budget metadata/ + origin=], and the [=exfiltration budget metadata reference/amount to debit reference=] is + a reference to the [=fenced frame config=]'s [=fenced frame config/exfiltration budget + metadata=]'s [=exfiltration budget metadata/amount to debit=]. Copy the + [=visibility/visibility to embedder=] from the [=fenced frame config=]'s + [=fenced frame config/exfiltration budget metadata=]'s [=visibility/visibility to embedder=], and the + [=visibility/visibility to content=] from the [=fenced frame config=]'s + [=fenced frame config/exfiltration budget metadata=]'s [=visibility/visibility to content=]. : [=fenced frame config instance/nested configs=] :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to From f8463bba0152097e5c2cafbe9e29883b68f05997 Mon Sep 17 00:00:00 2001 
From: Dominic Farolino Date: Fri, 14 Apr 2023 10:14:12 +0200 Subject: [PATCH 30/42] Dom cleanup * Use infra.spec.whatwg.org * Separate the dfn of fenced frame config mapping from traversable navigable member of the same type * Make algorithm names more casual, and signatures more formal with variables --- spec.bs | 79 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 44 insertions(+), 35 deletions(-) diff --git a/spec.bs b/spec.bs index 1ff14f50..8b6ef698 100644 --- a/spec.bs +++ b/spec.bs @@ -290,8 +290,7 @@ elements that the [=width=] and [=height=] dimension a

Fenced frame config mapping

Each [=traversable navigable=] has a fenced frame config -mapping. At a high level, this object maps [=urn uuids=] to [=fenced frame config=] -[=structs=]. +mapping, which is a new [=fenced frame config mapping=]. Note: This mapping is consulted during [=navigate|navigation=], and written to by what we colloquially refer to as *URN-generating APIs* or *config-generating APIs*, that generate both [=urn @@ -299,68 +298,78 @@ uuids=] and [=fenced frame configs=] for use in navigating <{fencedframe}> and < See for example, the FLEDGE and Shared Storage specifications. -Each [=traversable navigable/fenced frame config mapping=] has a -maximum number of configs, which is -implementation-defined. The [=fenced frame config mapping/maximum number of configs=] may be a -nonnegative number or infinity. +A fenced frame config mapping has three submappings: -Note: It is important to specify the behavior of -[=fenced frame config mapping/maximum number of configs=] because its semantics can interact with -config-generating APIs in a privacy sensitive way. - -The [=traversable navigable/fenced frame config mapping=] actually consists of three submappings:
: pending config mapping - :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] + :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame configs=] : finalized config mapping - :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] + :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame configs=] : nested config mapping - :: a [=map=] from [=urn uuids=] to [=fenced frame configs=] + :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame configs=]
+Each [=fenced frame config mapping=] has a maximum +number of configs, which is implementation-defined. The [=fenced frame config mapping/maximum +number of configs=] may be a nonnegative number or infinity. + +Note: It is important to specify the behavior of +[=fenced frame config mapping/maximum number of configs=] because its semantics can interact with +config-generating APIs in a privacy sensitive way. + At a high level, in order to store a [=fenced frame config=] in the [=traversable navigable/fenced frame config mapping=], one must first store a pending config, and then turn the pending config into a finalized config. Those procedures are as follows:
- In order to store a [=fenced frame config=] into the - [=fenced frame config mapping/pending config mapping=], run these steps: + To store a pending config into a particular + [=fenced frame config mapping=] given a [=fenced frame config=] |config|, run these steps: - 1. If the size of the [=fenced frame config mapping/pending config mapping=] + the + 1. Let |pendingMapping| be the [=fenced frame config mapping/pending config mapping=] of the + associated [=fenced frame config mapping=]. + + 1. If the [=map/size=] of the [=fenced frame config mapping/pending config mapping=] + the size of the [=fenced frame config mapping/finalized config mapping=] meets or exceeds the [=fenced frame config mapping/maximum number of configs=], return failure. - 1. Randomly generate a [=urn uuid=], and insert into the [=fenced frame config mapping/pending - config mapping=] an entry with the key [=urn uuid=] and the value - [=fenced frame config=]. + 1. Let |urn| be a randomly generated [=urn uuid=]. + + 1. [=map/Set=] |pendingMapping|[|urn|] to |config|.
- In order to store a pending [=fenced frame config=] at a [=urn uuid=] into the - [=fenced frame config mapping/finalized config mapping=], run these steps: + To finalize a pending config in a particular [=fenced frame config mapping=] + given a [=urn uuid=] |urn|, run these steps: + + 1. Let |pendingMapping| be the [=fenced frame config mapping/pending config mapping=] of the + associated [=fenced frame config mapping=]. + + 1. Let |finalizedMapping| be the [=fenced frame config mapping/finalized config mapping=] of the + associated [=fenced frame config mapping=]. - 1. If the [=urn uuid=] is not present in the - [=fenced frame config mapping/pending config mapping=], return failure. + 1. If |pendingMapping|[|urn|] does not [=map/exist=], return failure. - 1. Remove the entry keyed by the [=urn uuid=] in the - [=fenced frame config mapping/pending config mapping=], and insert into the - [=fenced frame config mapping/finalized config mapping=] an entry with the key - [=urn uuid=] and the value [=fenced frame config=]. + 1. Let |finalizedConfig| be |pendingMapping|[|urn|]. + + 1. [=map/Remove=] |pendingMapping|[|urn|]. + + 1. [=map/Set=] |finalizedMapping|[|urn|] be |finalizedConfig|.
- In order to store [=fenced frame config instance/nested configs=] into the - [=fenced frame config mapping/nested config mapping=], run these steps: + To store nested configs into a particular [=fenced frame config mapping=] given + a [=fenced frame config/nested configs=] |nestedConfigs|, run these steps: - 1. If [=fenced frame config instance/nested configs=] is null, return. + 1. Let |nestedMapping| be the [=fenced frame config mapping/nested config mapping=] of the + associated [=fenced frame config mapping=]. - 1. For each [=urn uuid=] *urn* and [=fenced frame config=] *config* in the - [=fenced frame config instance/nested configs=]: + 1. If |nestedConfigs| is null, return. + + 1. [=map/iterate|For each=] |urn| → |config| of |nestedConfigs|: - 1. Insert an entry into the [=fenced frame config mapping/nested config mapping=] with key - *urn* and value *config*. + 1. [=map/Set=] |nestedMapping|[|urn|] to |config|.
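Review bot: "store a pending config" now binds the generated [=urn uuid=] to |urn| and sets |pendingMapping|[|urn|], but the algorithm ends there, so the caller never receives |urn| and has nothing to pass to "finalize a pending config". Add "Return |urn|." as the last step. In the same algorithm the limit check still spells out both mappings instead of using |pendingMapping|, and only the first operand uses [=map/size=]. In "finalize a pending config" the last step reads "[=map/Set=] |finalizedMapping|[|urn|] be |finalizedConfig|", which should be "to".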
From e9cd240bb41b3763b08880be6afb3745899d5070 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 14 Apr 2023 17:03:05 +0000 Subject: [PATCH 31/42] remove unnecessary exports --- spec.bs | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/spec.bs b/spec.bs index 8b6ef698..33e2c639 100644 --- a/spec.bs +++ b/spec.bs @@ -300,20 +300,23 @@ href=https://wicg.github.io/shared-storage/>Shared Storage specifications. A fenced frame config mapping has three submappings: -
+
: pending config mapping - :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame configs=] + :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame + configs=] : finalized config mapping - :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame configs=] + :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame + configs=] : nested config mapping - :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame configs=] + :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame + configs=]
-Each [=fenced frame config mapping=] has a maximum -number of configs, which is implementation-defined. The [=fenced frame config mapping/maximum -number of configs=] may be a nonnegative number or infinity. +Each [=fenced frame config mapping=] has a maximum number of +configs, which is implementation-defined. The [=fenced frame config mapping/maximum number of +configs=] may be a nonnegative number or infinity. Note: It is important to specify the behavior of [=fenced frame config mapping/maximum number of configs=] because its semantics can interact with From a69e4d0483a5f6e75fdf18576ce56a3e9ee8298d Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 14 Apr 2023 17:07:30 +0000 Subject: [PATCH 32/42] address more comments --- spec.bs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/spec.bs b/spec.bs index 33e2c639..21f8be1c 100644 --- a/spec.bs +++ b/spec.bs 
@@ -427,10 +427,11 @@ null. TODO: flesh out {{FencedFrameConfig}} A key feature of the <{fencedframe}> element is that web platform APIs can configure the behavior of the frame in a way that limits the ability of other execution contexts to modify or inspect this -configuration, for security or privacy reasons. For example, the FLEDGE API (TODO:ref) performs -on-device ad auctions over cross-site data, and it is important that the ad that wins the auction -can be loaded into a frame, without the API caller knowing *which ad* won the auction or being able -to manipulate the environment in which the ad loads. +configuration, for security or privacy reasons. For example, the +FLEDGE API performs on-device ad auctions over +cross-site data, and it is important that the ad that wins the auction can be loaded into a frame, +without the API caller knowing *which ad* won the auction or being able to manipulate the +environment in which the ad loads. We achieve this using the concept of a "fenced frame config". A fenced frame config is a collection of fields that can be loaded into <{fencedframe}> elements and that specifies the resulting From ba85f305b25ec655261991f5833483fdeceb7750 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 14 Apr 2023 17:14:45 +0000 Subject: [PATCH 33/42] change * to | --- spec.bs | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/spec.bs b/spec.bs index 21f8be1c..07df779b 100644 --- a/spec.bs +++ b/spec.bs @@ -681,67 +681,67 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
The reportEvent(event) method steps are: - 1. Let *instance* be this [=traversable navigable=]'s [=fenced frame config instance=]. + 1. Let |instance| be this [=traversable navigable=]'s [=fenced frame config instance=]. - 1. If *instance* is null, then return. + 1. If |instance| is null, then return. - 1. If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is + 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified. - 1. If this [=document=]'s [=origin=] and *instance*'s + 1. If this [=document=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. - 1. If *instance*'s [=fenced frame config instance/fenced frame reporter=] is null, then return. + 1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return. - 1. If *event* is a `DOMString`, run [=report a private aggregation event=] with *event* and - *instance*'s [=fenced frame config instance/fenced frame reporter=]. + 1. If |event| is a `DOMString`, run [=report a private aggregation event=] with |event| and + |instance|'s [=fenced frame config instance/fenced frame reporter=]. - 1. If *event* is a `FenceEvent`, run [=report an event=] with *event* and *instance*'s + 1. If |event| is a `FenceEvent`, run [=report an event=] with |event| and |instance|'s [=fenced frame config instance/fenced frame reporter=].
The setReportEventDataForAutomaticBeacons(event) method steps are: - 1. Let *instance* be this [=traversable navigable=]'s [=fenced frame config instance=]. + 1. Let |instance| be this [=traversable navigable=]'s [=fenced frame config instance=]. - 1. If *instance* is null, then return. + 1. If |instance| is null, then return. - 1. If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is + 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified. - 1. If this [=document=]'s [=origin=] and *instance*'s + 1. If this [=document=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. - 1. If *instance*'s [=fenced frame config instance/fenced frame reporter=] is null, then return. + 1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return. - 1. Run [=set automatic beacon data=] with *event* and *instance*'s + 1. Run [=set automatic beacon data=] with |event| and |instance|'s [=fenced frame config instance/fenced frame reporter=].
The getNestedConfigs() method steps are: - 1. Let *instance* be this [=traversable navigable=]'s [=fenced frame config instance=]. + 1. Let |instance| be this [=traversable navigable=]'s [=fenced frame config instance=]. - 1. If *instance* is null, then return. + 1. If |instance| is null, then return. - 1. If *instance*'s [=fenced frame config instance/mapped url=] is null, then the behavior is + 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified. - 1. If this [=document=]'s [=origin=] and *instance*'s + 1. If this [=document=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. - 1. If *instance*'s [=fenced frame config instance/nested configs=] is null, then return. + 1. If |instance|'s [=fenced frame config instance/nested configs=] is null, then return. - 1. Let *results* be a sequence of {{FencedFrameConfig}}s. + 1. Let |results| be a sequence of {{FencedFrameConfig}}s. - 1. For each [=urn uuid=] *urn* and [=fenced frame config=] *config* in *instance*'s + 1. For each [=urn uuid=] |urn| and [=fenced frame config=] |config| in |instance|'s [=fenced frame config instance/nested configs=]: - 1. Redact *config* for the embedder (TODO:ref), into *redacted config*. - 2. Lift *urn* and *redacted config* into a {{FencedFrameConfig}}, and append it to *results*. + 1. Redact |config| for the embedder (TODO:ref), into |redacted config|. + 2. Lift |urn| and |redacted config| into a {{FencedFrameConfig}}, and append it to |results|. - 1. Return *results*. + 1. Return |results|.

New [=request=] [=request/destination=]
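Review bot: In the getNestedConfigs() steps, the early exits ("If |instance| is null, then return.", and likewise for a cross-origin document or null nested configs) return nothing, while the last step returns |results|, so the result type differs by path. Have each early exit return an explicit value, and create |results| as an empty list rather than "a sequence of {{FencedFrameConfig}}s". The "behavior is unspecified" branch for a null mapped url also needs a defined outcome, because it sits directly ahead of the same-origin check that reads that url's origin.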

From 1118d60cfeeaffa30fd114825606cdd012ab085c Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 14 Apr 2023 17:40:48 +0000 Subject: [PATCH 34/42] update config mapping lookup algorithm --- spec.bs | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/spec.bs b/spec.bs index 07df779b..fd3b8a3b 100644 --- a/spec.bs +++ b/spec.bs @@ -343,8 +343,8 @@ then turn the pending config into a finalized config. Those procedures are as fo
- To finalize a pending config in a particular [=fenced frame config mapping=] - given a [=urn uuid=] |urn|, run these steps: + To finalize a pending config in a particular + [=fenced frame config mapping=] given a [=urn uuid=] |urn|, run these steps: 1. Let |pendingMapping| be the [=fenced frame config mapping/pending config mapping=] of the associated [=fenced frame config mapping=]. @@ -362,8 +362,9 @@ then turn the pending config into a finalized config. Those procedures are as fo
- To store nested configs into a particular [=fenced frame config mapping=] given - a [=fenced frame config/nested configs=] |nestedConfigs|, run these steps: + To store nested configs into a particular + [=fenced frame config mapping=] given a [=fenced frame config instance/nested configs=] + |nestedConfigs|, run these steps: 1. Let |nestedMapping| be the [=fenced frame config mapping/nested config mapping=] of the associated [=fenced frame config mapping=]. @@ -372,23 +373,28 @@ then turn the pending config into a finalized config. Those procedures are as fo 1. [=map/iterate|For each=] |urn| → |config| of |nestedConfigs|: - 1. [=map/Set=] |nestedMapping|[|urn|] to |config|. + 1. [=map/Set=] |nestedMapping|[|urn|] to |config|.
-
- In order to look up a [=fenced frame config=] at a [=urn uuid=] in the - [=traversable navigable/fenced frame config mapping=] for navigation, run these steps: + To find a config in a particular [=fenced + frame config mapping=] given a [=urn uuid=] |urn|, run these steps: + + 1. Let |nestedMapping| be the [=fenced frame config mapping/nested config mapping=] of the + associated [=fenced frame config mapping=]. + + 1. If |nestedMapping|[|urn|] does [=map/exist=], return its value. + + 1. Let |pendingMapping| be the [=fenced frame config mapping/pending config mapping=] of the + associated [=fenced frame config mapping=]. - 1. If the [=urn uuid=] is present in the - [=fenced frame config mapping/nested config mapping=], return its value. + 1. If |pendingMapping|[|urn|] does [=map/exist=], wait until it does not [=map/exist=]. + TODO: Formalize waiting? - 1. If the [=urn uuid=] is present in the - [=fenced frame config mapping/pending config mapping=], wait until it is no - longer present. + 1. Let |finalizedMapping| be the [=fenced frame config mapping/finalized config mapping=] of + the associated [=fenced frame config mapping=]. - 1. If the [=urn uuid=] is present in the - [=fenced frame config mapping/finalized config mapping=], return its value. + 1. If |finalizedMapping|[|urn|] does [=map/exist=], return its value. 1. Return failure.
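Review bot: The |pendingMapping| step of the new "find a config" algorithm ("wait until it does not [=map/exist=]") has no exit if the pending entry is never finalized, so a lookup for that urn can block indefinitely. Say which context performs the wait and what happens when finalization fails or never runs; falling through to "Return failure" only works if something is guaranteed to remove the pending entry. The inline "TODO: Formalize waiting?" would be better as a tracked Issue so it is not lost.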
@@ -644,7 +650,7 @@ A fenced frame config instance is a struct with the following
- In order to redact a [=fenced frame config=], run these steps: + In order to redact a fenced frame config, run these steps: 1. TODO: Fill this in
@@ -715,7 +721,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return. - 1. Run [=set automatic beacon data=] with |event| and |instance|'s + 1. Run [=set automatic beacon data=] with event and |instance|'s [=fenced frame config instance/fenced frame reporter=]. From 900d9225b736bf106362ca59ecf46826b4cfeeea Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 14 Apr 2023 17:46:14 +0000 Subject: [PATCH 35/42] small fixes --- spec.bs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec.bs b/spec.bs index fd3b8a3b..42fbcdab 100644 --- a/spec.bs +++ b/spec.bs @@ -383,18 +383,18 @@ then turn the pending config into a finalized config. Those procedures are as fo 1. Let |nestedMapping| be the [=fenced frame config mapping/nested config mapping=] of the associated [=fenced frame config mapping=]. - 1. If |nestedMapping|[|urn|] does [=map/exist=], return its value. - 1. Let |pendingMapping| be the [=fenced frame config mapping/pending config mapping=] of the associated [=fenced frame config mapping=]. - 1. If |pendingMapping|[|urn|] does [=map/exist=], wait until it does not [=map/exist=]. - TODO: Formalize waiting? - 1. Let |finalizedMapping| be the [=fenced frame config mapping/finalized config mapping=] of the associated [=fenced frame config mapping=]. - 1. If |finalizedMapping|[|urn|] does [=map/exist=], return its value. + 1. If |nestedMapping|[|urn|] [=map/exists=], return its value. + + 1. If |pendingMapping|[|urn|] [=map/exists=], wait until it does not [=map/exist=]. + TODO: Formalize waiting? + + 1. If |finalizedMapping|[|urn|] [=map/exists=], return its value. 1. Return failure. From 36f45dbb29c799eca84f4d2d67beaa7fb040d0ff Mon Sep 17 00:00:00 2001 
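Review bot: The `@@ -715,7 +721,7 @@` hunk of PATCH 34/42 changes "with |event| and |instance|'s" to "with event and |instance|'s" in the last step of setReportEventDataForAutomaticBeacons(event), which drops the variable markup from the method argument. Every other step in these algorithms writes the argument as |event|, so this looks like an accidental edit; restore |event| so the reference still resolves to the argument.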
From: Garrett Tanzer Date: Fri, 14 Apr 2023 17:49:29 +0000 Subject: [PATCH 36/42] update redact config signature --- spec.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 42fbcdab..b26c4803 100644 --- a/spec.bs +++ b/spec.bs @@ -650,9 +650,9 @@ A fenced frame config instance is a struct with the following
- In order to redact a fenced frame config, run these steps: + To redact a config given a [=fenced frame config=] |config|, run these steps: - 1. TODO: Fill this in + 1. |config|TODO: Fill this in

The {{Fence}} interface
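Review bot: The only step of the new "redact a config" algorithm reads "1. |config|TODO: Fill this in", a variable reference run into the TODO with no verb, so the step says nothing about what is redacted. The signature also takes just |config|, while the caller in getNestedConfigs() asks to "Redact |config| for the embedder"; add a parameter naming who is inspecting the config, or reword the caller, before the body is filled in.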

From 6a0a43bfa109f3e6e55f941f60bc3b92048dc1ec Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Fri, 14 Apr 2023 20:46:18 +0000 Subject: [PATCH 37/42] address more comments --- spec.bs | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/spec.bs b/spec.bs index b26c4803..371ab9ca 100644 --- a/spec.bs +++ b/spec.bs @@ -687,36 +687,38 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
The reportEvent(event) method steps are: - 1. Let |instance| be this [=traversable navigable=]'s [=fenced frame config instance=]. + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node + navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=]. 1. If |instance| is null, then return. 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified. - 1. If this [=document=]'s [=origin=] and |instance|'s + 1. If the [=relevant settings object=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. 1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return. - 1. If |event| is a `DOMString`, run [=report a private aggregation event=] with |event| and + 1. If |event| is a {{DOMString}}, run [=report a private aggregation event=] with |event| and |instance|'s [=fenced frame config instance/fenced frame reporter=]. - 1. If |event| is a `FenceEvent`, run [=report an event=] with |event| and |instance|'s + 1. If |event| is a {{FenceEvent}}, run [=report an event=] with |event| and |instance|'s [=fenced frame config instance/fenced frame reporter=].
The setReportEventDataForAutomaticBeacons(event) method steps are: - 1. Let |instance| be this [=traversable navigable=]'s [=fenced frame config instance=]. + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node + navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=]. 1. If |instance| is null, then return. 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified. - 1. If this [=document=]'s [=origin=] and |instance|'s + 1. If the [=relevant settings object=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. 1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return. @@ -728,14 +730,15 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
The getNestedConfigs() method steps are: - 1. Let |instance| be this [=traversable navigable=]'s [=fenced frame config instance=]. + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node + navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=]. 1. If |instance| is null, then return. 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is unspecified. - 1. If this [=document=]'s [=origin=] and |instance|'s + 1. If the [=relevant settings object=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. 1. If |instance|'s [=fenced frame config instance/nested configs=] is null, then return. From 1fbcbd42c52502a6288c64e9b635f5dfe8cdc377 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 17 Apr 2023 17:39:45 +0000 Subject: [PATCH 38/42] address comments --- spec.bs | 147 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 83 insertions(+), 64 deletions(-) diff --git a/spec.bs b/spec.bs index 371ab9ca..ea051666 100644 --- a/spec.bs +++ b/spec.bs @@ -334,8 +334,8 @@ then turn the pending config into a finalized config. Those procedures are as fo associated [=fenced frame config mapping=]. 1. If the [=map/size=] of the [=fenced frame config mapping/pending config mapping=] + the - size of the [=fenced frame config mapping/finalized config mapping=] meets or - exceeds the [=fenced frame config mapping/maximum number of configs=], return failure. + [=map/size=] of the [=fenced frame config mapping/finalized config mapping=] >= the [=fenced + frame config mapping/maximum number of configs=], return failure. 1. Let |urn| be a randomly generated [=urn uuid=]. 
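Review bot: In PATCH 37/42, step 4 of reportEvent(), setReportEventDataForAutomaticBeacons() and getNestedConfigs() now reads "If the [=relevant settings object=]'s [=origin=] and |instance|'s ... are not [=same origin=]" without naming the object whose settings object is meant. Step 1 was made explicit with "[=this=]'s [=relevant global object=]"; write "[=this=]'s [=relevant settings object=]'s [=origin=]" here as well, because this comparison decides whether the caller may use the reporter and the nested configs. The long lookup chain in step 1 is repeated verbatim in all three methods and would be easier to keep consistent as one named helper.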
@@ -373,7 +373,7 @@ then turn the pending config into a finalized config. Those procedures are as fo 1. [=map/iterate|For each=] |urn| → |config| of |nestedConfigs|: - 1. [=map/Set=] |nestedMapping|[|urn|] to |config|. + 1. [=map/Set=] |nestedMapping|[|urn|] to |config|.
@@ -399,37 +399,11 @@ then turn the pending config into a finalized config. Those procedures are as fo 1. Return failure.
-

The {{FencedFrameConfig}} interface

+

Fenced frame configs

-One major input to the <{fencedframe}> element is the {{FencedFrameConfig}} interface, which -maps to an internal [=fenced frame config=] [=struct=]. - -
-  enum OpaqueProperty {"opaque"};
-
-  typedef (unsigned long or OpaqueProperty) FencedFrameConfigSize;
-  typedef (USVString or OpaqueProperty) FencedFrameConfigURL;
+

Introduction

- [Exposed=Window] - interface FencedFrameConfig { - constructor(USVString url); - readonly attribute FencedFrameConfigURL? url; - readonly attribute FencedFrameConfigSize? width; - readonly attribute FencedFrameConfigSize? height; - }; -
- -Issue: Fix the "indistinguishable" IDL bug with the unions above. - -
- In order to lift a [=urn uuid=] and [=fenced frame config=] into a - {{FencedFrameConfig}}, run these steps: - - 1. TODO: Fill this in -
- -Each {{FencedFrameConfig}} has a url, which is a string, initially -null. TODO: flesh out {{FencedFrameConfig}} +*This section is non-normative.* A key feature of the <{fencedframe}> element is that web platform APIs can configure the behavior of the frame in a way that limits the ability of other execution contexts to modify or inspect this 
@@ -439,13 +413,19 @@ cross-site data, and it is important that the ad that wins the auction can be lo without the API caller knowing *which ad* won the auction or being able to manipulate the environment in which the ad loads. -We achieve this using the concept of a "fenced frame config". A fenced frame config is a collection -of fields that can be loaded into <{fencedframe}> elements and that specifies the resulting -environments. Fenced frame configs can only be constructed by web platform APIs, not initialized -or modified arbitrarily. Their fields also contain "visibilities" for different entities, which -dictate whether the field should be "redacted" when inspected by particular execution contexts. +We achieve this using the concept of a "[=fenced frame config=]". A [=fenced frame config=] is a +collection of fields that can be loaded into <{fencedframe}> elements and that specifies the +resulting environments. [=Fenced frame configs=] can only be constructed by web platform APIs, not +initialized or modified arbitrarily. Their fields also contain "visibilities" for different +entities, which dictate whether the field should be "redacted" when inspected by particular +execution contexts. Config-generating APIs must specify values for all fields of their fenced frame +configs in order to ensure that they have considered the privacy implications of each field, though +they may choose to set the values to null. + Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a -new "fenced frame config instance", which governs that particular context. +new [=fenced frame config instance=], which governs that particular context. + +

The [=fenced frame config=] [=struct=]

We now establish some preliminary types: @@ -472,19 +452,19 @@ An exhaustive set of permissions is fenced frame reporter is TODO: Specify the type for this.
- In order to report an event, run these steps: + In order to report an event, run these steps: 1. TODO: fill this in
- In order to report a private aggregation event, run these steps: + In order to report a private aggregation event, run these steps: 1. TODO: Fill this in
- In order to set automatic beacon data, run these steps: + In order to set automatic beacon data, run these steps: 1. TODO: Fill this in
@@ -547,6 +527,8 @@ A fenced frame config is a struct with the following [=struct/ :: null, or an [=fencedframetype/embedder shared storage context=] +

The [=fenced frame config instance=] [=struct=]

+ A fenced frame config instance is a struct with the following [=struct/items=]:
@@ -593,66 +575,103 @@ A fenced frame config instance is a struct with the following :: null, or an [=fencedframetype/embedder shared storage context=]
-
- A [=fenced frame config instance=] is initialized from a [=fenced frame config=] as follows: +
+ To instantiate a config given a [=fenced frame config=] |config|, return a + [=fenced frame config instance=] with the following members: : [=fenced frame config instance/mapped url=] - :: the [=fenced frame config=]'s [=fenced frame config/mapped url=] + :: |config|'s [=fenced frame config/mapped url=] : [=fenced frame config instance/container size=] - :: the [=fenced frame config=]'s [=fenced frame config/container size=] + :: |config|'s [=fenced frame config/container size=] : [=fenced frame config instance/content size=] - :: the [=fenced frame config=]'s [=fenced frame config/content size=] + :: |config|'s [=fenced frame config/content size=] : [=fenced frame config instance/interest group descriptor=] - :: the [=fenced frame config=]'s [=fenced frame config/interest group descriptor=] + :: |config|'s [=fenced frame config/interest group descriptor=] : [=fenced frame config instance/effective sandbox flags=] - :: the [=fenced frame config=]'s [=fenced frame config/effective sandbox flags=] + :: |config|'s [=fenced frame config/effective sandbox flags=] : [=fenced frame config instance/effective permissions=] - :: the [=fenced frame config=]'s [=fenced frame config/effective permissions=] + :: |config|'s [=fenced frame config/effective permissions=] : [=fenced frame config instance/fenced frame reporter=] - :: the [=fenced frame config=]'s TODO: Fill this in + :: |config|'s TODO: Fill this in : [=fenced frame config instance/exfiltration budget metadata reference=] - :: If the [=fenced frame config=]'s [=fenced frame config/exfiltration budget metadata=] is + :: If |config|'s [=fenced frame config/exfiltration budget metadata=] is null, set to null. 
Otherwise, set the [=fenced frame config instance/exfiltration budget metadata reference=] to an [=fencedframetype/exfiltration budget metadata reference=] where - the [=exfiltration budget metadata reference/origin=] is the [=fenced frame config=]'s + the [=exfiltration budget metadata reference/origin=] is |config|'s [=fenced frame config/exfiltration budget metadata=]'s [=exfiltration budget metadata/ origin=], and the [=exfiltration budget metadata reference/amount to debit reference=] is - a reference to the [=fenced frame config=]'s [=fenced frame config/exfiltration budget + a reference to |config|'s [=fenced frame config/exfiltration budget metadata=]'s [=exfiltration budget metadata/amount to debit=]. Copy the - [=visibility/visibility to embedder=] from the [=fenced frame config=]'s + [=visibility/visibility to embedder=] from |config|'s [=fenced frame config/exfiltration budget metadata=]'s [=visibility/visibility to embedder=], and the - [=visibility/visibility to content=] from the [=fenced frame config=]'s + [=visibility/visibility to content=] from |config|'s [=fenced frame config/exfiltration budget metadata=]'s [=visibility/visibility to content=]. : [=fenced frame config instance/nested configs=] - :: If the [=fenced frame config=]'s [=fenced frame config/nested configs=] is null, set to + :: If |config|'s [=fenced frame config/nested configs=] is null, set to null. Otherwise, set the [=fenced frame config instance/nested configs=] to an [=ordered map=], where for each [=fenced frame config=] in [=fenced frame config/nested configs=], there is an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced frame config=]. 
Copy the - [=visibility/visibility to embedder=] from the [=fenced frame config=]'s + [=visibility/visibility to embedder=] from |config|'s [=fenced frame config/nested configs=]'s [=visibility/visibility to embedder=], and the - [=visibility/visibility to content=] from the [=fenced frame config=]'s + [=visibility/visibility to content=] from |config|'s [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. : [=fenced frame config instance/partition nonce=] :: a random [=partition nonce=] TODO: Specify what this means : [=fenced frame config instance/embedder shared storage context=] - :: the [=fenced frame config=]'s [=fenced frame config/embedder shared storage context=] + :: |config|'s [=fenced frame config/embedder shared storage context=]
-
- To redact a config given a [=fenced frame config=] |config|, run these steps: +

The {{FencedFrameConfig}} interface

+ +One major input to the <{fencedframe}> element is the {{FencedFrameConfig}} interface, which +maps to an internal [=fenced frame config=] [=struct=]. + +
+  enum OpaqueProperty {"opaque"};
+
+  typedef (unsigned long or OpaqueProperty) FencedFrameConfigSize;
+  typedef (USVString or OpaqueProperty) FencedFrameConfigURL;
 
-  1. |config|TODO: Fill this in
+  [Exposed=Window]
+  interface FencedFrameConfig {
+    constructor(USVString url);
+    readonly attribute FencedFrameConfigURL? url;
+    readonly attribute FencedFrameConfigSize? width;
+    readonly attribute FencedFrameConfigSize? height;
+  };
+
+ +Issue: Fix the "indistinguishable" IDL bug with the unions above. + +1. TODO: add more fields to {{FencedFrameConfig}} + +
+ The {{FencedFrameConfig/url}} IDL attribute getter steps are: + + 1. TODO +
+ +
+ The {{FencedFrameConfig/width}} IDL attribute getter steps are: + + 1. TODO +
+ +
+ The {{FencedFrameConfig/height}} IDL attribute getter steps are: + + 1. TODO

The {{Fence}} interface
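Review bot: This hunk deletes the "redact a config" algorithm and leaves the {{FencedFrameConfig/url}}, {{FencedFrameConfig/width}} and {{FencedFrameConfig/height}} getter steps as "1. TODO", so nothing now says when a getter returns "opaque" instead of the underlying value. The getters are where a field's visibility has to be enforced, so give them at least their shape (null for a null field, "opaque" when the field is not visible to the caller, otherwise the value) in the same change that removes the redaction algorithm. The IDL also keeps a public constructor(USVString url) while the Introduction says configs "can only be constructed by web platform APIs"; state which field values and visibilities a script-constructed config gets.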

@@ -747,8 +766,8 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. For each [=urn uuid=] |urn| and [=fenced frame config=] |config| in |instance|'s [=fenced frame config instance/nested configs=]: - 1. Redact |config| for the embedder (TODO:ref), into |redacted config|. - 2. Lift |urn| and |redacted config| into a {{FencedFrameConfig}}, and append it to |results|. + + 1. construct a {{FencedFrameConfig}} from |config| and |urn|. 1. Return |results|.
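Review bot: The replacement step in the getNestedConfigs() loop, "construct a {{FencedFrameConfig}} from |config| and |urn|", no longer appends anything to |results|, so the final "Return |results|" returns the list exactly as it was created. Bind the constructed object to a variable and append it, and link "construct" to a defined algorithm, since the "lift" algorithm it replaces was removed earlier in this patch. The removed "Redact |config| for the embedder" step also has no successor here, so say where redaction of nested configs now happens.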
From 640b8410a8fcc95f6c034539892eafc843c5865d Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 17 Apr 2023 18:57:16 +0000 Subject: [PATCH 39/42] change visibilities --- spec.bs | 174 +++++++++++++++++++++++++++++++++----------------------- 1 file changed, 103 insertions(+), 71 deletions(-) diff --git a/spec.bs b/spec.bs index ea051666..828cbe78 100644 --- a/spec.bs +++ b/spec.bs @@ -416,11 +416,11 @@ environment in which the ad loads. We achieve this using the concept of a "[=fenced frame config=]". A [=fenced frame config=] is a collection of fields that can be loaded into <{fencedframe}> elements and that specifies the resulting environments. [=Fenced frame configs=] can only be constructed by web platform APIs, not -initialized or modified arbitrarily. Their fields also contain "visibilities" for different -entities, which dictate whether the field should be "redacted" when inspected by particular -execution contexts. Config-generating APIs must specify values for all fields of their fenced frame -configs in order to ensure that they have considered the privacy implications of each field, though -they may choose to set the values to null. +initialized or modified arbitrarily. Their fields also contain "[=visibilities=]", which dictate +whether the field should be "redacted" when inspected through the {{FencedFrameConfig}} interface. +Config-generating APIs must specify values for all fields of their fenced frame configs in order to +ensure that they have considered the privacy implications of each field, though they may choose to +set the values to null. Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a new [=fenced frame config instance=], which governs that particular context. 
@@ -430,9 +430,7 @@ new [=fenced frame config instance=], which governs that particular context. We now establish some preliminary types: A visibility is either " -`opaque`" or "`transparent`". There are two kinds of -[=fencedframeconfig/visibility=]: visibility to embedder and -visibility to content. +`opaque`" or "`transparent`". A mapped url is a [=url=]. TODO: Stipulate a url with particular schemes? @@ -488,40 +486,71 @@ A fenced frame config is a struct with the following [=struct/
: mapped url - :: null, or a struct containing a [=fencedframetype/mapped url=] and a - [=visibility/visibility to embedder=] + :: null, or a struct with the following fields: + : value + :: a [=fencedframetype/mapped url=] + + : visibility + :: a [=visibility=] : container size - :: null, or a struct containing a [=fencedframetype/size=] and a - [=visibility/visibility to content=] + :: null, or a [=fencedframetype/size=] : content size - :: null, or a struct containing a [=fencedframetype/size=] and a - [=visibility/visibility to embedder=] + :: null, or a struct with the following fields: + : value + :: a [=fencedframetype/size=] + + : visibility + :: a [=visibility=] : interest group descriptor - :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct with the following fields: + : value + :: an [=fencedframetype/interest group descriptor=] + + : visibility + :: a [=visibility=] : effective sandbox flags - :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a - [=visibility/visibility to embedder=] + :: null, or a struct with the following fields: + : value + :: an [=fencedframetype/exhaustive set of sandbox flags=] + + : visibility + :: a [=visibility=] : effective permissions - :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct with the following fields: + : value + :: an [=fencedframetype/exhaustive set of permissions=] + + : visibility + :: a [=visibility=] : fenced frame reporter - :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct with the following fields: + : value + :: a [=fencedframetype/fenced frame 
reporter=] + + : visibility + :: a [=visibility=] : exfiltration budget metadata - :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a struct with the following fields: + : value + :: an [=fencedframetype/exfiltration budget metadata=] + + : visibility + :: a [=visibility=] : nested configs - :: null, or a struct containing a sequence of [=fenced frame configs=] and a - [=visibility/visibility to embedder=] + :: null, or a struct with the following fields: + : value + :: a sequence of [=fenced frame configs=] + + : visibility + :: a [=visibility=] : embedder shared storage context :: null, or an [=fencedframetype/embedder shared storage context=] @@ -533,40 +562,31 @@ A fenced frame config instance is a struct with the following
: mapped url - :: null, or a struct containing a [=fencedframetype/mapped url=] and a - [=visibility/visibility to embedder=] + :: null, or a [=fencedframetype/mapped url=] : container size - :: null, or a struct containing a [=fencedframetype/size=] and a - [=visibility/visibility to content=] + :: null, or a [=fencedframetype/size=] : content size - :: null, or a struct containing a [=fencedframetype/size=] and a - [=visibility/visibility to embedder=] + :: null, or a [=fencedframetype/size=] : interest group descriptor - :: null, or a struct containing an [=fencedframetype/interest group descriptor=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or an [=fencedframetype/interest group descriptor=] : effective sandbox flags - :: null, or a struct containing an [=fencedframetype/exhaustive set of sandbox flags=] and a - [=visibility/visibility to embedder=] + :: null, or an [=fencedframetype/exhaustive set of sandbox flags=] : effective permissions - :: null, or a struct containing an [=fencedframetype/exhaustive set of permissions=] and a - [=visibility/visibility to embedder=] + :: null, or an [=fencedframetype/exhaustive set of permissions=] : fenced frame reporter TODO: including automatic beacon info - :: null, or a struct containing a [=fencedframetype/fenced frame reporter=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or a [=fencedframetype/fenced frame reporter=] : exfiltration budget metadata reference - :: null, or a struct containing an [=fencedframetype/exfiltration budget metadata reference=], a - [=visibility/visibility to embedder=], and a [=visibility/visibility to content=] + :: null, or an [=fencedframetype/exfiltration budget metadata reference=] : nested configs - :: null, or a struct containing a sequence of pairs of [=urn uuids=] and [=fenced frame configs=] - and a [=visibility/visibility to embedder=] + :: null, or a sequence of pairs of 
[=urn uuids=] and [=fenced frame configs=] : partition nonce :: a [=partition nonce=] 
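Review bot: In the `@@ -488,40 +486,71 @@` hunk, container size is the one optional field that does not become a value/visibility struct: it goes from "a [=fencedframetype/size=] and a [=visibility/visibility to content=]" to a bare "null, or a [=fencedframetype/size=]". The matching instantiate step later in this patch then reads "|config|'s [=fenced frame config/container size=] if null" with no "otherwise" branch, so a non-null container size has no defined instance value. If the field is meant to carry no visibility, make that step a plain copy and note the exception where the Introduction says fields contain visibilities; otherwise give it the same struct as content size.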
@@ -580,50 +600,53 @@ A fenced frame config instance is a struct with the following [=fenced frame config instance=] with the following members: : [=fenced frame config instance/mapped url=] - :: |config|'s [=fenced frame config/mapped url=] + :: |config|'s [=fenced frame config/mapped url=] if null, otherwise |config|'s [=fenced frame + config/mapped url=]'s [=mapped url/value=] : [=fenced frame config instance/container size=] - :: |config|'s [=fenced frame config/container size=] + :: |config|'s [=fenced frame config/container size=] if null : [=fenced frame config instance/content size=] - :: |config|'s [=fenced frame config/content size=] + :: |config|'s [=fenced frame config/content size=] if null, otherwise |config|'s [=fenced frame + config/content size=]'s [=content size/value=] : [=fenced frame config instance/interest group descriptor=] - :: |config|'s [=fenced frame config/interest group descriptor=] + :: |config|'s [=fenced frame config/interest group descriptor=] if null, otherwise |config|'s + [=fenced frame config/interest group descriptor=]'s [=interest group descriptor/value=] : [=fenced frame config instance/effective sandbox flags=] - :: |config|'s [=fenced frame config/effective sandbox flags=] + :: |config|'s [=fenced frame config/effective sandbox flags=] if null, otherwise |config|'s + [=fenced frame config/effective sandbox flags=]'s [=effective sandbox flags/value=] : [=fenced frame config instance/effective permissions=] - :: |config|'s [=fenced frame config/effective permissions=] + :: |config|'s [=fenced frame config/effective permissions=] if null, otherwise |config|'s + [=fenced frame config/effective permissions=]'s [=effective permissions/value=] : [=fenced frame config instance/fenced frame reporter=] :: |config|'s TODO: Fill this in : [=fenced frame config instance/exfiltration budget metadata reference=] - :: If |config|'s [=fenced frame config/exfiltration budget metadata=] is - null, set to null. 
Otherwise, set the [=fenced frame config instance/exfiltration budget - metadata reference=] to an [=fencedframetype/exfiltration budget metadata reference=] where - the [=exfiltration budget metadata reference/origin=] is |config|'s - [=fenced frame config/exfiltration budget metadata=]'s [=exfiltration budget metadata/ - origin=], and the [=exfiltration budget metadata reference/amount to debit reference=] is - a reference to |config|'s [=fenced frame config/exfiltration budget - metadata=]'s [=exfiltration budget metadata/amount to debit=]. Copy the - [=visibility/visibility to embedder=] from |config|'s - [=fenced frame config/exfiltration budget metadata=]'s [=visibility/visibility to embedder=], and the - [=visibility/visibility to content=] from |config|'s - [=fenced frame config/exfiltration budget metadata=]'s [=visibility/visibility to content=]. + :: + 1. If |config|'s [=fenced frame config/exfiltration budget metadata=] is null, set to null. + + 1. Otherwise, set to a [=fencedframetype/exfiltration budget metadata reference=]: + : [=exfiltration budget metadata reference/origin=] + :: |config|'s [=fenced frame config/exfiltration budget metadata=]'s [=exfiltration + budget metadata/value=]'s [=exfiltration budget metadata/origin=] + + : [=exfiltration budget metadata reference/amount to debit reference=] + :: a reference to |config|'s [=fenced frame config/exfiltration budget metadata=]'s + [=exfiltration budget metadata/value=]'s [=exfiltration budget metadata/amount to + debit=] : [=fenced frame config instance/nested configs=] - :: If |config|'s [=fenced frame config/nested configs=] is null, set to - null. Otherwise, set the [=fenced frame config instance/nested configs=] to an - [=ordered map=], where for each [=fenced frame config=] in - [=fenced frame config/nested configs=], there is an entry where the key is a randomly - sampled [=urn uuid=] and the value is the [=fenced frame config=]. 
Copy the - [=visibility/visibility to embedder=] from |config|'s - [=fenced frame config/nested configs=]'s [=visibility/visibility to embedder=], and the - [=visibility/visibility to content=] from |config|'s - [=fenced frame config/nested configs=]'s [=visibility/visibility to content=]. + :: + 1. If |config|'s [=fenced frame config/nested configs=] is null, set to null. + + 1. Otherwise, set to an [=ordered map=], where for each [=fenced frame config=] in + |config|'s [=fenced frame config/nested configs=]'s [=nested configs/value=], there is + an entry where the key is a randomly sampled [=urn uuid=] and the value is the [=fenced + frame config=]. TODO: Write this in the proper syntax : [=fenced frame config instance/partition nonce=] :: a random [=partition nonce=] TODO: Specify what this means @@ -646,9 +669,12 @@ maps to an internal [=fenced frame config=] [=struct=]. [Exposed=Window] interface FencedFrameConfig { constructor(USVString url); + readonly attribute FencedFrameConfigURL? url; readonly attribute FencedFrameConfigSize? width; readonly attribute FencedFrameConfigSize? height; + + undefined setSharedStorageContext(DOMString contextString); }; @@ -674,6 +700,12 @@ Issue: Fix the "indistinguishable" IDL bug with the unions above. 1. TODO
+
+ The setSharedStorageContext(contextString) method steps are: + + 1. TODO +
+

The {{Fence}} interface

Several APIs specific to fenced frames are defined on the {{Fence}} interface. From 208b0044d669b3e0de3e1976c8a2ca8a4f01013e Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 17 Apr 2023 19:16:46 +0000 Subject: [PATCH 40/42] use map/key and map/value --- spec.bs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index 828cbe78..0cb11190 100644 --- a/spec.bs +++ b/spec.bs @@ -586,7 +586,8 @@ A fenced frame config instance is a struct with the following :: null, or an [=fencedframetype/exfiltration budget metadata reference=] : nested configs - :: null, or a sequence of pairs of [=urn uuids=] and [=fenced frame configs=] + :: null, or an [=ordered map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are + [=fenced frame configs=] : partition nonce :: a [=partition nonce=] From 975531373d48de6565c8545d0b7b8b6ccfa4d164 Mon Sep 17 00:00:00 2001 From: Dominic Farolino Date: Tue, 18 Apr 2023 01:32:57 +0200 Subject: [PATCH 41/42] Small type adjustments, TODOs, and style --- spec.bs | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/spec.bs b/spec.bs index 0cb11190..221d42b1 100644 --- a/spec.bs +++ b/spec.bs 
@@ -418,12 +418,14 @@ collection of fields that can be loaded into <{fencedframe}> elements and that s resulting environments. [=Fenced frame configs=] can only be constructed by web platform APIs, not initialized or modified arbitrarily. Their fields also contain "[=visibilities=]", which dictate whether the field should be "redacted" when inspected through the {{FencedFrameConfig}} interface. -Config-generating APIs must specify values for all fields of their fenced frame configs in order to -ensure that they have considered the privacy implications of each field, though they may choose to -set the values to null. +Config-generating APIs (like FLEDGE and Shared Storage) must specify values for all fields +of their fenced frame configs in order to ensure that they have considered the privacy implications +of each field, though they may choose to set the values to null. -Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a -new [=fenced frame config instance=], which governs that particular context. +Each time a <{fencedframe}> navigates to a [=fenced frame config=], it is instantiated as a new +[=fenced frame config instance=], which governs that particular context inside the [=fenced +navigable container/fenced navigable=].

The [=fenced frame config=] [=struct=]

@@ -443,9 +445,11 @@ An interest group descriptor is a struct w for="interest group descriptor">owner, which is a string, and name, which is a string. -An exhaustive set of sandbox flags is TODO: Specify the type for this. +An exhaustive set of sandbox flags is a [=sandboxing flag +set=]. -An exhaustive set of permissions is TODO: Specify the type for this. +An exhaustive set of permissions is a [=list=] of +[=policy-controlled features=]. A fenced frame reporter is TODO: Specify the type for this. @@ -470,7 +474,7 @@ A fenced frame reporter is exfiltration budget metadata is a struct containing an origin, which is an [=origin=]; and an amount to debit, which is a non-negative valid -floating point number TODO: ref to float. +floating point number. An exfiltration budget metadata reference is a struct containing an origin, which is an @@ -480,7 +484,10 @@ reference, which is a mutable reference to a non-negative valid floating p An embedder shared storage context is a string. -A partition nonce is TODO: Specify the type for this. +A partition nonce is an [=implementation-defined=] value. + +Note: This is similar to the network +partition key used by Fetch. A fenced frame config is a struct with the following [=struct/items=]: @@ -650,7 +657,7 @@ A fenced frame config instance is a struct with the following frame config=]. TODO: Write this in the proper syntax : [=fenced frame config instance/partition nonce=] - :: a random [=partition nonce=] TODO: Specify what this means + :: a random, unique [=partition nonce=] : [=fenced frame config instance/embedder shared storage context=] :: |config|'s [=fenced frame config/embedder shared storage context=] @@ -681,6 +688,9 @@ maps to an internal [=fenced frame config=] [=struct=]. Issue: Fix the "indistinguishable" IDL bug with the unions above. +Each {{FencedFrameConfig}} has a url, which is a [=URL=] or null, +initially null. + 1. TODO: add more fields to {{FencedFrameConfig}}
@@ -742,6 +752,9 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=]. + This and the below references should point to an actual member on [=traversable + navigable=], not just the type. + 1. If |instance| is null, then return. 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is @@ -760,7 +773,8 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
- The setReportEventDataForAutomaticBeacons(event) method steps are: + The setReportEventDataForAutomaticBeacons(event) + method steps are: 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=]. @@ -795,12 +809,12 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance|'s [=fenced frame config instance/nested configs=] is null, then return. - 1. Let |results| be a sequence of {{FencedFrameConfig}}s. + 1. Let |results| be an empty [=list=] of {{FencedFrameConfig}}s. - 1. For each [=urn uuid=] |urn| and [=fenced frame config=] |config| in |instance|'s - [=fenced frame config instance/nested configs=]: + 1. [=map/For each=] |urn| → |config| of |instance|'s [=fenced frame config instance/nested + configs=]: - 1. construct a {{FencedFrameConfig}} from |config| and |urn|. + 1. TODO: construct a {{FencedFrameConfig}} from |config| and |urn|. 1. Return |results|.
From 656609f729361a518636f91f3c6af7fe17691a2a Mon Sep 17 00:00:00 2001 From: Dominic Farolino Date: Tue, 18 Apr 2023 09:47:12 +0200 Subject: [PATCH 42/42] Assert mapped_url is non-null --- spec.bs | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/spec.bs b/spec.bs index 221d42b1..41f38f75 100644 --- a/spec.bs +++ b/spec.bs @@ -688,8 +688,7 @@ maps to an internal [=fenced frame config=] [=struct=]. Issue: Fix the "indistinguishable" IDL bug with the unions above.
-Each {{FencedFrameConfig}} has a url, which is a [=URL=] or null, -initially null. +Each {{FencedFrameConfig}} has a url, which is a [=URL=]. 1. TODO: add more fields to {{FencedFrameConfig}} @@ -757,8 +756,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then return. - 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is - unspecified. + 1. [=Assert=] |instance|'s [=fenced frame config instance/mapped url=] is not null. 1. If the [=relevant settings object=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. @@ -781,8 +779,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then return. - 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is - unspecified. + 1. [=Assert=] |instance|'s [=fenced frame config instance/mapped url=] is not null. 1. If the [=relevant settings object=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return. @@ -801,8 +798,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then return. - 1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is - unspecified. + 1. [=Assert=] |instance|'s [=fenced frame config instance/mapped url=] is not null. 1. If the [=relevant settings object=]'s [=origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s origin are not [=same origin=], then return.
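Review bot: In the first hunk shown (the instantiation steps for the exfiltration budget metadata reference and nested configs entries), the rewritten steps drop the sentences that copied visibility to embedder and visibility to content, and nothing in the new steps says what happens to those visibilities once the value is unwrapped. If the instance is deliberately meant to carry no visibility for these two fields, say so in a note next to the steps; otherwise the redaction decision for them is lost at instantiation. The nested configs step also still ends with "TODO: Write this in the proper syntax", which should be resolved or turned into a tracked issue before this lands.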
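Review bot: setSharedStorageContext(contextString) is added to the FencedFrameConfig IDL in the `@@ -646,9 +669,12 @@` hunk while its method steps in the `@@ -674,6 +700,12 @@` hunk are only "1. TODO", so the interface exposes a setter whose effect is unspecified. The steps should at least name the field being written (presumably the config's embedder shared storage context, which the instantiation steps copy into the instance) and state whether contextString is constrained in any way, since this is a channel from the embedder into the fenced context.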
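Review bot: Defining a partition nonce as an "[=implementation-defined=] value" in the `@@ -480,7 +484,10 @@` hunk of PATCH 41, with the instantiation step changed to "a random, unique [=partition nonce=]", leaves the properties that matter undefined: unique relative to what (every instance, every navigation of the same config, nested configs as well), and whether the value has to be unpredictable to the embedder and to the content. Since the note compares it to the network partition key, spell out those requirements in the definition rather than leaving them to implementations. The nested configs keys have the same gap: they are described as a "randomly sampled [=urn uuid=]" without a uniqueness requirement, although they are now keys of an ordered map.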
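Review bot: In the `@@ -742,6 +752,9 @@` hunk of PATCH 41, the sentence "This and the below references should point to an actual member on [=traversable navigable=], not just the type." is inserted as bare prose inside step 1, so it reads as part of the algorithm. Mark it as a TODO or an Issue, as the other pending items in this file are, so that it is not mistaken for normative text and shows up when the open items are collected.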
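Review bot: In the `@@ -795,12 +809,12 @@` hunk of PATCH 41, the loop body is now only "TODO: construct a {{FencedFrameConfig}} from |config| and |urn|" and nothing appends to |results|, so as written the algorithm always returns the empty list. Add the append step alongside the TODO, for example "[=list/Append=] the result to |results|", so that the control flow is complete even while construction is unspecified. The early exits above it ("If |instance| is null, then return", and the same for null nested configs) return nothing while the final step returns a list; decide whether those paths should return an empty list so that callers see one return type.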
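Review bot: The three "[=Assert=] |instance|'s [=fenced frame config instance/mapped url=] is not null" steps in PATCH 42 rely on an invariant that the patch does not establish anywhere: the text they replace treated a null mapped url as reachable ("the behavior is unspecified"). An assert is not a runtime check, so the same-origin comparison in the next step depends entirely on that invariant holding. Either state in the fenced frame config instance definition (or in the instantiation steps) that mapped url is always non-null and why, or keep an explicit "is null, then return" so that a config without a mapped url fails closed before the origin check.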