- From: Jason A. Novak <jnovak@apple.com>
- Date: Thu, 13 Sep 2018 10:58:05 -0500
- To: "public-privacy@w3.org" <public-privacy@w3.org>
- Cc: Christine Runnegar <runnegar@isoc.org>, Tara Whalen <tjwhalen@google.com>, Samuel Weiler <weiler@w3.org>
- Message-id: <2D34BDE6-EB24-4B8C-8B75-51FF466D6AF9@apple.com>
Following up on our last PING call, Sam, Christine, Tara and I talked about next-steps on PING submitting possible edits to the TAG’s Security & Privacy Questionnaire. To avoid inundating the TAG with issues/pull requests (PR) they would have to review and resolve any diffs between, we would like to submit to GitHub a consolidated set of issues/pull requests from PING that we have consensus behind. We initially had a goal of trying to get a finalized document by TPAC but, given timing, it seems more likely at this point that we’ll have a pre-final draft to review at TPAC.

A couple of goals of this process are to:

- Submit PRs we have consensus on;
- Have the PRs be a reasonable size so that the editors can handle conflicts/merging sanely; and
- Obsoleting old privacy documents that are out there.

Below is a proposal for us to discuss on the call today to try and get a consolidated set of PING issues and PRs in GitHub; we propose the following process and schedule: a subset of this group would review a subset of the existing Security & Privacy Questionnaire and come to consensus on what a set of desired edits would be for a given section over the course of a given week. On the Friday of that week, the desired edits would be submitted as a PR to GitHub for PING to review and comment on while the subgroup continues to move forward informed by the ongoing discussion.

If you want to be part of the subgroup, please contact me and the folks on CC.

The red bold dates below will be replaced with real dates following today’s call. The schedule would be:

Before Week 1 - Review the following documents and determine what information should be brought into the main questionnaire (if any). If there are any documents we establish consensus on as having no information to bring into the questionnaire, we’ll obsolete them immediately.
- https://github.com/w3c/ping/blob/master/privacy-questions.html
- https://github.com/gnorcie/ping-privacy-questions
  - These two are the same document substantively; expect that one can be obsoleted immediately.
- https://www.w3.org/wiki/Privacy_and_security_questionnaire
- https://www.w3.org/wiki/Privacy/Privacy_Considerations
  - Expect that this can be obsoleted immediately
- https://w3c.github.io/privacy-considerations/
- https://www.w3.org/TR/fingerprinting-guidance/
  - Probably will reference it in the questionnaire understanding that Nick is working on finalizing it.

Week 1 - Discussion regarding PING’s goals for the questionnaire — how does it feed into the review process writ large, what the format of privacy and security consideration sections should be, etc.

Friday of Week 1 - Output of discussion circulated to group for review.

Week 2 - Review of Introduction and Threat Models.

Friday of Week 2 - Desired edits circulated to PING for discussion as PRs in GitHub.

Week 3 - Review of Questions to Consider.

Friday of Week 3 - Desired edits circulated to PING for discussion as PRs in GitHub.

Week 4 - Review of Mitigation Strategies.

Friday of Week 4 - Desired edits circulated to PING for discussion as PRs in GitHub.

Week 5 - Ensure that all discussion points on previous weeks’ outputs have been incorporated into the issues / PRs.

Friday of Week 5 - Circulate finalized issues to PING for review/discussion as PRs in GitHub.

Welcome any and all thoughts on the process or timeline.
J

> On Sep 11, 2018, at 5:59 PM, Christine Runnegar <runnegar@isoc.org> wrote:
>
> Colleagues,
>
> A friendly reminder that the next PING call is on Thursday 13 September 2018 at UTC 16.
>
> We will be discussing potential updates, additions and improvements to the TAG self-review security and privacy questionnaire that Working Groups use to assess privacy and security considerations as they develop specifications.
>
> You can find the latest version of the document here: https://w3ctag.github.io/security-questionnaire/
>
> If there is anything else you would like to add to the agenda, please let us know.
>
> To obtain the Webex login details, please go to: https://www.w3.org/2018/08/ping-webex.html
>
> (Note that W3C login credentials will be needed. If you are not able to access this information please contact me off list.)
>
> Please also join us on IRC on the #privacy channel:
>
> Server: irc.w3.org
> Username: <your name>
> Port: 6667 or 6665
> Channel: #privacy
>
> Christine

Received on Thursday, 13 September 2018 15:58:58 UTC