- From: Robert Sanderson <azaroth42@gmail.com>
- Date: Thu, 29 Aug 2019 12:37:37 -0700
- To: Pete Snyder <psnyder@brave.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, W3C Chairs of JSON-LD WG <group-json-ld-wg-chairs@w3.org>
- Message-ID: <CABevsUGygdKZ6H4AUVUL+qAfFcmAxy0_NyZ+Z8niCVVxtW2mrg@mail.gmail.com>
Dear Pete, all, We have an issue in our tracker here: https://github.com/w3c/json-ld-wg/issues/88 for Privacy horizontal review. We've tried to capture the discussion in this thread there, I hope that's okay. Unless we hear back that there's a problem that needs to be addressed, we feel that as this is a strange edge case and we don't introduce any new state tracking or other features that might impinge on users' privacy, that we are okay to proceed to CR. If there is a need to continue discussion, would it be possible to meet at TPAC? Many thanks for your time in helping to understand the issues! Rob Sanderson & Benjamin Young (Co-chairs of JSON-LD WG) On Thu, Aug 15, 2019 at 10:37 AM Robert Sanderson <azaroth42@gmail.com> wrote: > > Dear Pete, all, > > Sincere apologies for the silence, I was on vacation and then had to catch > up with regular work fires. > > We discussed the questions in the WG and feel that you're right that the > situation is a clear edge case. We have been encouraged to use WebIDL for > consistency with other specifications, and even to the point of having to > put in slightly spurious fields (such as that the scope is a window, > because respec requires that field to be present or it raises errors!). > > In terms of the interactions, by browser or other client system, all of > the interactions fall through to the existing APIs such as XMLHttpRequest > and Fetch. We don't make any requirements there, and expect that the > cookies and other headers that the user has allowed to be sent will be > sent. For example, if the client needs to be authenticated in order to > retrieve a JSON-LD context file, then the authentication information should > be sent in the regular way. So we can't say MUST NOT send any state or > user tracking information, but we certainly neither require any in > particular, nor have any special considerations. > > Hope that answers the questions, and thank you for your patience and > engagement with the complexities here! > > Rob > > -- Rob Sanderson Semantic Architect The Getty Trust Los Angeles, CA 90049
Received on Thursday, 29 August 2019 19:38:15 UTC