- From: Annette Greiner <amgreiner@lbl.gov>
- Date: Mon, 17 Dec 2018 09:58:45 -0800
- To: public-dxwg-wg@w3.org
oops, sorry, my comments were for the prof conneg doc, not the guidance!

-Annette

On 12/15/18 12:08 PM, Nicholas Car via GitHub wrote:
> Questions from https://w3ctag.github.io/security-questionnaire/ with
> answers:
>
> **4.1 What information might this feature expose to Web sites or other
> parties, and for what purposes is that exposure necessary?**
> Guidance document - no code/system exposing anything directly.
>
> **4.2 Is this specification exposing the minimum amount of information
> necessary to power the feature?**
> N/A
>
> **4.3 How does this specification deal with personal information or
> personally-identifiable information or information derived thereof?**
> It does not.
>
> **4.4 How does this specification deal with sensitive information?**
> It does not.
>
> **4.5 Does this specification introduce new state for an origin that
> persists across browsing sessions?**
> No.
>
> **4.6 What information from the underlying platform, e.g.
> configuration data, is exposed by this specification to an origin?**
> N/A
>
> **4.7 Does this specification allow an origin access to sensors on a
> user’s device?**
> No.
>
> **4.8 What data does this specification expose to an origin? Please
> also document what data is identical to data exposed by other
> features, in the same or different contexts.**
> N/A
>
> **4.9 Does this specification enable new script execution/loading
> mechanisms?**
> No.
>
> **4.10 Does this specification allow an origin to access other
> devices?**
> No.
>
> **4.11 Does this specification allow an origin some measure of control
> over a user agent’s native UI?**
> No.
>
> **4.12 What temporary identifiers might this specification create
> or expose to the web?**
> No temporary identifiers. Use of it will ultimately generate
> persistent identifiers (URIs) for documents (profiles).
>
> **4.13 How does this specification distinguish between behavior in
> first-party and third-party contexts?**
> It does not.
>
> **4.14 How does this specification work in the context of a user
> agent’s Private Browsing or "incognito" mode?**
> N/A
>
> **4.15 Does this specification have a "Security Considerations" and
> "Privacy Considerations" section?**
> Yes but a trivial one for now. To be updated.
>
> **4.16 Does this specification allow downgrading default security
> characteristics?**
> No or N/A.
>
> **4.17 What should this questionnaire have asked?**
> I can't think of what it could ask to better probe potential privacy
> issues for this kind of Guidance document.
>

--
Annette Greiner
NERSC Data and Analytics Services
Lawrence Berkeley National Laboratory
Received on Monday, 17 December 2018 17:59:00 UTC