Re: Request Privacy Review of Resource Timing Level 2 from Jeffrey Yasskin on 2019-12-06 (public-privacy@w3.org from October to December 2019)

From: Jeffrey Yasskin <jyasskin@google.com>
Date: Fri, 6 Dec 2019 10:02:41 -0800
To: Pete Snyder <psnyder@brave.com>
Cc: Xiaoqian Wu <xiaoqian@w3.org>, public-privacy <public-privacy@w3.org>, Yoav Weiss <yoav@yoav.ws>
Message-ID: <CANh-dX=JnoF=A7ouoPoRnWeoZhN=Y1NjSY9kKoogV+QTWxkmQg@mail.gmail.com>

I believe the PING did a privacy review of https://www.w3.org/TR/hr-time-2/,
with comments that the Director ultimately decided not to act on.
This email appears to be requesting a review of
https://www.w3.org/TR/resource-timing-2/. (The
https://www.w3.org/TR/performance-timeline-2/ URL looks like a mistaken
holdover from
https://lists.w3.org/Archives/Public/public-privacy/2019OctDec/0056.html.)
Resource Timing could have its own privacy issues that are completely
independent of any issues in HR-Time-2, so it seems to deserve its own
privacy review, where we assume the rejected HR-Time issue is an acceptable
risk.

Does that make sense?
Jeffrey

On Wed, Dec 4, 2019 at 11:51 AM Pete Snyder <psnyder@brave.com> wrote:

> We did a privacy review and the results were not welcomed by the WG and
> the issue was decided by the director.
>
> Is this a request for _another_ full privacy review, or a new review for
> issues district from the previously discussed one?
>
> > On Dec 4, 2019, at 3:56 AM, Xiaoqian Wu <xiaoqian@w3.org> wrote:
> >
> > Hi PING,
> >
> > The WebPerf WG is preparing to move the Resource Timing Level 2 spec to
> CR,
> >   https://www.w3.org/TR/performance-timeline-2/
> >
> > This spec defines a PerformanceResourceTiming interface, which
> participates in the Performance Timeline and facilitates timing measurement
> of downloadable resources. The information exposed by this interface is
> defined by a set of attributes[1] in the PerformanceResourceTiming
> interface.
> >
> > For Cross-origin Resources, the spec defines a Timing-Allow-Origin
> Response Header[2] and a timing allow check algorithm to determine whether
> their information can be fully exposed. Please also look at the Privacy and
> Security section[3] for more detail.
> >
> > Please let us know if there is any privacy concern for Performance
> Timeline before the end of January, either by email <
> public-web-perf@w3.org> or use GitHub issues <
> https://github.com/w3c/resource-timing>.
> >
> > Thanks.
> >
> > -xiaoqian
> >
> > [1]
> https://www.w3.org/TR/resource-timing-2/#sec-performanceresourcetiming
> > [2] https://www.w3.org/TR/resource-timing-2/#dfn-timing-allow-check
> > [3] https://www.w3.org/TR/resource-timing-2/#sec-privacy-security
> >
> >
>
>
>

Received on Friday, 6 December 2019 18:02:56 UTC