- From: Nicholas Car via GitHub <sysbot+gh@w3.org>
- Date: Sat, 15 Dec 2018 20:08:21 +0000
- To: public-dxwg-wg@w3.org
Questions from https://w3ctag.github.io/security-questionnaire/ with answers: **4.1 What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?** Guidance document - no code/system exposing anything directly. **4.2 Is this specification exposing the minimum amount of information necessary to power the feature?** N/A **4.3 How does this specification deal with personal information or personally-identifiable information or information derived thereof?** It does not. **4.4 How does this specification deal with sensitive information?** It does not. **4.5 Does this specification introduce new state for an origin that persists across browsing sessions?** No. **4.6 What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin?** N/A **4.7 Does this specification allow an origin access to sensors on a user’s device?** No. **4.8 What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.** N/A **4.9 Does this specification enable new script execution/loading mechanisms?** No. **4.10 Does this specification allow an origin to access other devices?** No. **4.11 Does this specification allow an origin some measure of control over a user agent’s native UI?** No. **4.12 What temporary identifiers might this this specification create or expose to the web?** No temporary identifiers. Use of it will ultimately generate persistent identifiers (URIs) for documents (profiles). **4.13 How does this specification distinguish between behavior in first-party and third-party contexts?** It does not. **4.14 How does this specification work in the context of a user agent’s Private \ Browsing or "incognito" mode?** N/A **4.15 Does this specification have a "Security Considerations" and "Privacy Considerations" section?** Yes but a trivial one for now. To be updated. **4.16 Does this specification allow downgrading default security characteristics?** No or N/A. **4.17 What should this questionaire have asked?** I can't think of what it could ask to better probe potential privacy issues for this kind of Guidance document. -- GitHub Notification of comment by nicholascar Please view or discuss this issue at https://github.com/w3c/dxwg/issues/478#issuecomment-447594547 using your GitHub account
Received on Saturday, 15 December 2018 20:08:23 UTC