[review] Performance API's, Security and Privacy from Ilya Grigorik on 2016-05-25 (public-webappsec@w3.org from May 2016)

From: Ilya Grigorik <igrigorik@gmail.com>
Date: Wed, 25 May 2016 10:36:22 -0700
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Todd Reifsteck <toddreif@microsoft.com>, Philippe Le Hégaret <plh@w3.org>
Message-ID: <CAKRe7JGgMfqxSZR2BTwSprmoz-6Qa9gbR0dbgCEhWAgDc=4xbQ@mail.gmail.com>

Hey all.

Would love to hear any thoughts or comments on a note we've been working on
over at webperf (for motivation, see [1]):

"The fact that something is possible to measure, and may even be highly
desirable and useful to expose to developers, does not meant that it can be
exposed as runtime JavaScript API in the browser, due to various privacy
and security constraints. The goal of this document is to explain why that
is the case, and to provide guidance for what needs to be considered when
making or evaluating a proposal for such APIs."

https://w3c.github.io/perf-security-privacy/

ig

[1] https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html

Received on Wednesday, 25 May 2016 17:44:36 UTC