Re: Privacy HR requested for JSON-LD 1.1 Syntax, API and Framing from Robert Sanderson on 2019-08-30 (public-privacy@w3.org from July to September 2019)

From: Robert Sanderson <azaroth42@gmail.com>
Date: Fri, 30 Aug 2019 11:50:08 -0700
To: Pete Snyder <psnyder@brave.com>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, W3C Chairs of JSON-LD WG <group-json-ld-wg-chairs@w3.org>
Message-ID: <CABevsUGq0GnGnK6MVcmmgMFz=oUQQToy6qGL60LkP5aOs3HAjA@mail.gmail.com>

Thanks so much, Pete!

Rob

On Fri, Aug 30, 2019 at 11:46 AM Pete Snyder <psnyder@brave.com> wrote:

> Hi Robert,
>
> Thank you for this, and for clarifying further.  I dont have any further
> privacy concerns, thanks for explaining further.  I dont know if you will
> get concerns about the WebIDL being kinda/sorta not correct since its not
> really hanging off the Window interface, but thats not my department, and
> seems you’ve already thought through that anyway :)
>
> Thanks!
>
> Pete Snyder
> {pes,psnyder}@brave.com
> Brave Software
> Privacy Researcher
>
> > On Aug 29, 2019, at 12:37 PM, Robert Sanderson <azaroth42@gmail.com>
> wrote:
> >
> >
> > Dear Pete, all,
> >
> > We have an issue in our tracker here:
> https://github.com/w3c/json-ld-wg/issues/88 for Privacy horizontal
> review.  We've tried to capture the discussion in this thread there, I hope
> that's okay.
> > Unless we hear back that there's a problem that needs to be addressed,
> we feel that as this is a strange edge case and we don't introduce any new
> state tracking or other features that might impinge on users' privacy, that
> we are okay to proceed to CR.
> >
> > If there is a need to continue discussion, would it be possible to meet
> at TPAC?
> >
> > Many thanks for your time in helping to understand the issues!
> >
> > Rob Sanderson & Benjamin Young (Co-chairs of JSON-LD WG)
> >
> >
> > On Thu, Aug 15, 2019 at 10:37 AM Robert Sanderson <azaroth42@gmail.com>
> wrote:
> >
> > Dear Pete, all,
> >
> > Sincere apologies for the silence, I was on vacation and then had to
> catch up with regular work fires.
> >
> > We discussed the questions in the WG and feel that you're right that the
> situation is a clear edge case. We have been encouraged to use WebIDL for
> consistency with other specifications, and even to the point of having to
> put in slightly spurious fields (such as that the scope is a window,
> because respec requires that field to be present or it raises errors!).
> >
> > In terms of the interactions, by browser or other client system, all of
> the interactions fall through to the existing APIs such as XMLHttpRequest
> and Fetch. We don't make any requirements there, and expect that the
> cookies and other headers that the user has allowed to be sent will be
> sent. For example, if the client needs to be authenticated in order to
> retrieve a JSON-LD context file, then the authentication information should
> be sent in the regular way.  So we can't say MUST NOT send any state or
> user tracking information, but we certainly neither require any in
> particular, nor have any special considerations.
> >
> > Hope that answers the questions, and thank you for your patience and
> engagement with the complexities here!
> >
> > Rob
> >
> >
> >
> > --
> > Rob Sanderson
> > Semantic Architect
> > The Getty Trust
> > Los Angeles, CA 90049
>
>

-- 
Rob Sanderson
Semantic Architect
The Getty Trust
Los Angeles, CA 90049

Received on Friday, 30 August 2019 18:50:43 UTC