FYI: Update documents from the W3C TAG on security, privacy, and API design from Ian Jacobs on 2020-05-12 (public-payments-wg@w3.org from May 2020)

From: Ian Jacobs <ij@w3.org>
Date: Tue, 12 May 2020 17:31:46 -0500
To: Web Payments Working Group <public-payments-wg@w3.org>
Message-Id: <CF67C635-51DD-41E8-A066-9EF9FCA87402@w3.org>

Dear WPWG,

W3C’s Technical Architecture Group (TAG [1]) has updated two documents that should be of interest to 
all groups, and is relevant to our discussion about payment app privacy considerations:

    Self-Review Questionnaire: Security and Privacy
    https://www.w3.org/TR/2020/NOTE-security-privacy-questionnaire-1-20200508/ 

   Client-Side API Design Principles
    https://w3ctag.github.io/design-principles/

I’ve included a short description of each below.

Ian

[1] https://tag.w3.org/

=====

The Security & Privacy Questionnaire is a guide for specification developers as a ”help in considering the privacy impact of a new feature or specification as well as common mitigation strategies for common privacy impacts.”  The TAG requests that any specification reviews submitted to our design review repo [2] should include a response to this questionnaire to ensure that key privacy & security issues have been taken into account, ideally at the design stage. The updates to this document are minor[1], however it's notable that this document, originally developed by Mike West, adopted by the TAG and subsequently updated as a joint piece of work  between the TAG and PING (with contributions by Lukasz Olejnik and Jason Novak) has now been renewed as a joint TAG/PING document with Theresa O’Connor (as TAG member) and Pete Snyder (as PING member) as joint editors. We would like to thank PING for their continued engagement on this important document.

The Client-Side API Design Principles document (Sangwhan Moon, editor) started off as a repository for some of the design principles that emerged from our discussions in reviewing developing specifications. We encourage specification developers to read this document and use it as a resource when making design decisions. The document recently been updated with a number of new contributions and sections, including bringing over clauses from the HTML Design Principles document[3]. We have also added new principles related to private browsing mode and assistive technologies, a set of CSS principles, and call-outs to our TAG Ethical Web Principles[4] where applicable to illustrate where these principles have ethical underpinning.  

1. https://github.com/w3ctag/security-questionnaire/pull/72/commits/ce34f29ed40f1cafed98a0bf3530f3d4040b07e5
2. https://github.com/w3ctag/design-reviews/issues
3. https://github.com/w3ctag/design-principles/projects/1
4. https://www.w3.org/2001/tag/doc/ethical-web-principles/
--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447

Received on Tuesday, 12 May 2020 22:31:50 UTC