Re: Request Privacy Review of Resource Timing Level 2 from Xiaoqian Wu on 2019-12-11 (public-privacy@w3.org from October to December 2019)

From: Xiaoqian Wu <xiaoqian@w3.org>
Date: Wed, 11 Dec 2019 22:56:17 +0800
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: Pete Snyder <psnyder@brave.com>, public-privacy <public-privacy@w3.org>, Yoav Weiss <yoav@yoav.ws>
Message-ID: <ac47a14518abeb99bbf705af9fc0b581@w3.org>

On 2019-12-07 02:02, Jeffrey Yasskin wrote:
> I believe the PING did a privacy review of
> https://www.w3.org/TR/hr-time-2/, with comments that the Director
> ultimately decided not to act on.
> This email appears to be requesting a review of
> https://www.w3.org/TR/resource-timing-2/. (The
> https://www.w3.org/TR/performance-timeline-2/ URL looks like a
> mistaken holdover from
> https://lists.w3.org/Archives/Public/public-privacy/2019OctDec/0056.html.)
> Resource Timing could have its own privacy issues that are completely
> independent of any issues in HR-Time-2, so it seems to deserve its own
> privacy review, where we assume the rejected HR-Time issue is an
> acceptable risk.
> 
> Does that make sense?

Exactly, thanks Jeffrey for the clarification! I apologise for the typo. 
Review from the PING is always highly appreciated by our working groups.

-xiaoqian

> Jeffrey
> 
> On Wed, Dec 4, 2019 at 11:51 AM Pete Snyder <psnyder@brave.com> wrote:
> 
>> We did a privacy review and the results were not welcomed by the WG
>> and the issue was decided by the director.
>> 
>> Is this a request for _another_ full privacy review, or a new review
>> for issues district from the previously discussed one?
>> 
>>> On Dec 4, 2019, at 3:56 AM, Xiaoqian Wu <xiaoqian@w3.org> wrote:
>>> 
>>> Hi PING,
>>> 
>>> The WebPerf WG is preparing to move the Resource Timing Level 2
>> spec to CR,
>>> https://www.w3.org/TR/performance-timeline-2/
>>> 
>>> This spec defines a PerformanceResourceTiming interface, which
>> participates in the Performance Timeline and facilitates timing
>> measurement of downloadable resources. The information exposed by
>> this interface is defined by a set of attributes[1] in the
>> PerformanceResourceTiming interface.
>>> 
>>> For Cross-origin Resources, the spec defines a Timing-Allow-Origin
>> Response Header[2] and a timing allow check algorithm to determine
>> whether their information can be fully exposed. Please also look at
>> the Privacy and Security section[3] for more detail.
>>> 
>>> Please let us know if there is any privacy concern for Performance
>> Timeline before the end of January, either by email
>> <public-web-perf@w3.org> or use GitHub issues
>> <https://github.com/w3c/resource-timing>.
>>> 
>>> Thanks.
>>> 
>>> -xiaoqian
>>> 
>>> [1]
>> 
> https://www.w3.org/TR/resource-timing-2/#sec-performanceresourcetiming
>>> [2]
>> https://www.w3.org/TR/resource-timing-2/#dfn-timing-allow-check
>>> [3] https://www.w3.org/TR/resource-timing-2/#sec-privacy-security
>>> 
>>>

Received on Wednesday, 11 December 2019 14:56:19 UTC