W3C home > Mailing lists > Public > public-device-apis-log@w3.org > November 2019

Re: [sensors] Spec should include mandatory mitigations for privacy harms / risks (#397)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Nov 2019 12:46:00 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-559073025-1574858759-sysbot+gh@w3.org>
Having read the [normative references considerations](https://www.w3.org/2013/09/normative-references), my assessment is we're able to normatively reference pre-CR documents in a CR given good rationale considering stability, schedule, and licensing dimensions. @plehegar to clarify.

Since stability of `permissions.request()` extension [PERMISSIONS-REQUEST] seemed to be the key concern out of these dimensions, I summarize related considerations below:

- [Generic Sensor API CR published 20 March 2018](https://www.w3.org/TR/2018/CR-generic-sensor-20180320/) contained a [normative reference to the Permissions API](https://www.w3.org/TR/2018/CR-generic-sensor-20180320/#references).
- The Permissions API spec [has not changed substantially](https://github.com/w3c/permissions/commits/master) since 20 March 2018.
- The `permissions.request()` extension [PERMISSIONS-REQUEST] has remained stable since 28 September 2017. Chrome has [indicated interest to implement](https://github.com/w3c/sensors/issues/388#issuecomment-471941760) this extension.
- Permissions API [PERMISSIONS] has a [normative dependency](https://w3c.github.io/permissions/#normative) on [PERMISSIONS-REQUEST].
- The `permissions.request()` defines reusable infrastructure. This suggests it is better defined as a Permissions API extension for reusability reasons, rather than in a domain-specific Generic Sensor API.


- Given [PERMISSIONS] and [PERMISSIONS-REQUEST] have remained stable for ~21 months and there has been implementer interest, we can publish a revised CR with pre-CR [PERMISSIONS] as a normative reference.

Assuming the Director is satisfied with the rationale, I think the following proposal made earlier addresses this issue satisfactorily, reproduced here for clarity:

>https://html.spec.whatwg.org/multipage/interaction.html#triggered-by-user-activation is added to https://wicg.github.io/permissions-request/#dom-permissions-request as a condition for success. This generalizes the already shipping pattern defined in https://w3c.github.io/deviceorientation/#dom-deviceorientationevent-requestpermission

@snyderp @reillyeon please confirm that you are satisfied with the proposal so that we can advance with the publication. Thank you!

GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/sensors/issues/397#issuecomment-559073025 using your GitHub account
Received on Wednesday, 27 November 2019 12:46:02 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:57 UTC