- From: Christine Runnegar <runnegar@isoc.org>
- Date: Wed, 13 Jul 2016 05:45:49 +0000
- To: Nick Doty <npdoty@ischool.berkeley.edu>
- CC: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
As Nick says, it would be great to have a volunteer. Also, some members of the Device & Sensors WG have kindly agreed to join our PING call on Thursday 28 July UTC 16 to discuss the specification and its privacy considerations. Christine > On 12 Jul 2016, at 10:36 PM, Nick Doty <npdoty@ischool.berkeley.edu> wrote: > > Anyone on public-privacy interested in taking the lead on a privacy review of Wake Lock over the next 6 weeks? > > This is highlighted for WebAppSec folks, but it might also be relevant to this and other specs on privacy: >> proposed approach to manage permissions to use the Wake Lock API, whereby an embedded cross-origin browsing context is never allowed, as described in the first note in section 5. > > How permissions are handled for embedded contexts seems to be a frequently-arising issue. > —Nick > >> Begin forwarded message: >> >> From: Frederick Hirsch <w3c@fjhirsch.com> >> Subject: RfC: Wide review of Wake Lock API; deadline August 31st >> Date: July 11, 2016 at 5:41:07 PM PT >> Cc: public-review-announce@w3.org, Chairs Chairs <chairs@w3.org>, Dominique Hazael-Massieux <dom@w3.org> >> Resent-From: public-review-announce@w3.org >> Archived-At: <http://www.w3.org/mid/93AD5CF1-197D-43EF-B201-9633DFF718F0@fjhirsch.com> >> >> Dear Chairs of APA WG, PING, WebAppSec WG, Web Platform WG, TAG, CSS WG, Web Perf WG: >> >> The Device & Sensors Working Group is soliciting the review of your groups on the Wake Lock API on our way to Candidate Recommendation status: >> https://www.w3.org/TR/wake-lock/ >> >> From APA, PING and WebAppSec, we hope to get a review from an accessibility, privacy and security perspective of the specification. >> >> We particularly call upon the attention of the WebAppSec WG on the proposed approach to manage permissions to use the Wake Lock API, whereby an embedded cross-origin browsing context is never allowed, as described in the first note in section 5. >> >> For both WebAppSec and PING, we note that the group used the self-review questionnaire in the development of this specification: >> https://lists.w3.org/Archives/Public/public-device-apis/2016Mar/att-0038/00-part >> >> From WebPlatform and TAG, we hope to get a review of the overall API and its insertion in the rest of the platform. >> >> Since the API extends the Screen interface defined by the CSS WG in the CSSOM View module, the CSS WG might wish to confirm this extension is in-line with the design of the interface. >> >> Likewise, since the API relies on the Page Visibility state defined by the WebPerf WG, that group might wish to comment on the proper usage of that signal. >> >> Reviews from other groups are also naturally welcome. >> >> We would appreciate to receive your feedback before the end of August; the preferred method for feedback is to file issues in our github repository: https://github.com/w3c/wake-lock/issues ; >> >> alternatively, send a mail to our public mailing list public-device-apis@w3.org with a subject prefixed with [wake-lock]. >> >> Thank you >> >> regards, Frederick >> >> Frederick Hirsch >> Device & Sensors Working Group Chair >> >> @fjhirsch
Received on Wednesday, 13 July 2016 05:46:21 UTC