- From: Andrey Logvinov via GitHub <sysbot+gh@w3.org>
- Date: Wed, 15 Feb 2017 10:37:40 +0000
- To: public-device-apis-log@w3.org
I re-ran the self-review questionnaire: https://www.w3.org/TR/security-privacy-questionnaire/#questions

> 3.1. Does this specification deal with personally-identifiable information?

No.

> 3.2. Does this specification deal with high-value data?

No.

> 3.3. Does this specification introduce new state for an origin that persists across browsing sessions?

No.

> 3.4. Does this specification expose persistent, cross-origin state to the web?

No. The specification does expose cross-origin state (current wake lock status), but it is not persistent.

> 3.5. Does this specification expose any other data to an origin that it doesn’t currently have access to?

Yes. Origin A can listen to the global wake lock state, and origin B could request the wake lock, thereby modifying the global wake lock state. This way, origin A can observe actions of origin B.

> 3.6. Does this specification enable new script execution/loading mechanisms?

No.

> 3.7. Does this specification allow an origin access to a user’s location?

No.

> 3.8. Does this specification allow an origin access to sensors on a user’s device?

No.

> 3.9. Does this specification allow an origin access to aspects of a user’s local computing environment?

Yes, indirectly. The specification allows to check if a particular wake lock type is supported, thus providing some information about device capabilities.

> 3.10. Does this specification allow an origin access to other devices?

No.

> 3.11. Does this specification allow an origin some measure of control over a user agent’s native UI?

Yes, as it prevents the entire screen from going blank, including the native UI elements.

> 3.12. Does this specification expose temporary identifiers to the web?

No.

> 3.13. Does this specification distinguish between behavior in first-party and third-party contexts?

Yes, as it contains a provision that only same-origin frames can request wake locks.

> 3.14. How should this specification work in the context of a user agent’s "incognito" mode?

Exactly the same way as in non-incognito mode (matching the "ideally" option).

> 3.15. Does this specification persist data to a user’s local device?

No.

> 3.16. Does this specification have a "Security Considerations" and "Privacy Considerations" section?

Yes.

> 3.17. Does this specification allow downgrading default security characteristics?

No.

--
GitHub Notification of comment by andrey-logvinov
Please view or discuss this issue at https://github.com/w3c/wake-lock/issues/89#issuecomment-279975936 using your GitHub account
Received on Wednesday, 15 February 2017 10:37:47 UTC