W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2016

[review] Performance API's, Security and Privacy

From: Ilya Grigorik <igrigorik@gmail.com>
Date: Wed, 25 May 2016 10:36:22 -0700
Message-ID: <CAKRe7JGgMfqxSZR2BTwSprmoz-6Qa9gbR0dbgCEhWAgDc=4xbQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Todd Reifsteck <toddreif@microsoft.com>, Philippe Le H├ęgaret <plh@w3.org>
Hey all.

Would love to hear any thoughts or comments on a note we've been working on
over at webperf (for motivation, see [1]):

"The fact that something is possible to measure, and may even be highly
desirable and useful to expose to developers, does not meant that it can be
exposed as runtime JavaScript API in the browser, due to various privacy
and security constraints. The goal of this document is to explain why that
is the case, and to provide guidance for what needs to be considered when
making or evaluating a proposal for such APIs."

https://w3c.github.io/perf-security-privacy/

ig

[1] https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html
Received on Wednesday, 25 May 2016 17:44:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC