PING Security / Privacy review from Charles LaPierre on 2020-01-02 (public-personalization-tf@w3.org from January 2020)

From: Charles LaPierre <charlesl@benetech.org>
Date: Thu, 2 Jan 2020 16:54:13 +0000
To: public-personalization-tf <public-personalization-tf@w3.org>
Message-ID: <DDB7A99E-1E1D-4254-B515-FD7E16D02683@benetech.org>

Hello everyone, and Happy new Year!

One of my tasks was to perform a Security / Privacy audit of our Personalization Semantics module 1 on adaptable content.

Here is a link to the GitHub issue<https://github.com/w3c/personalization-semantics/issues/131> [1] I created with the answers to the questionnaire from PING WG.
Please review this and see if you all agree or have any improvements we can make to this document before we send it to the PING WG.  I didn’t know the answer to 2.16 Does this specification allow downgrading default security characteristics? And they also asked in 2.15 Does this specification have a "Security Considerations" and "Privacy Considerations" section? Which we don’t have.  So I think we need tp add a new section to our spec for Privacy and Security Considerations and reiterate what I said in this questionnaire.

[1] https://github.com/w3c/personalization-semantics/issues/131


Thanks
EOM
Charles LaPierre
Technical Lead, DIAGRAM and Born Accessible
Twitter: @CLaPierreA11Y
Skype: charles_lapierre

Received on Thursday, 2 January 2020 16:54:18 UTC