Re: Does our specification allow downgrading default security characteristics?

Here was the full question from PING for 2.16

2.16 Does this specification allow downgrading default security characteristics?

Does this feature allow for a site to opt-out of security settings to accomplish some piece of functionality? If so, in what situations does your specification allow such security setting downgrading and what mitigations are in place to make sure optional downgrading doesn’t dramatically increase risks?


Thanks
EOM
Charles LaPierre
Technical Lead, DIAGRAM and Born Accessible
Twitter: @CLaPierreA11Y
Skype: charles_lapierre


On Feb 10, 2020, at 8:06 AM, lisa.seeman <lisa.seeman@zoho.com<mailto:lisa.seeman@zoho.com>> wrote:

Do we feel our specification allow downgrading default security characteristics?

Note that we need to answer this as part of our PING ​review..

See issues/131<https://github.com/w3c/personalization-semantics/issues/131>

All the best



Lisa Seeman

LinkedIn<http://il.linkedin.com/in/lisaseeman/>, Twitter<https://twitter.com/SeemanLisa>