Re: Privacy review request for Accessible Rich Internet Applications (WAI-ARIA) 1.2

Hi James, thanks for bringing this to PING! I looked at the spec and filed
https://github.com/w3c/aria/issues/1371

On Mon, Nov 2, 2020 at 3:23 PM Christine Runnegar <runnegar@isoc.org> wrote:

> Thanks for sending in this request James. We will assign the review at our
> next PING meeting on 5 November 2020.
>
> Christine
>
> > On Oct 27, 2020, at 3:08 PM, James Nurthen <nurthen@adobe.com> wrote:
> >
> > The ARIA WG requests formal review of the Accessible Rich Internet
> Applications (WAI-ARIA) 1.2 CR:
> >    https://raw.githack.com/w3c/aria/2020-09_CR/index.html
> >
> >
> > This specification provides a framework to improve the accessibility and
> interoperability of web content and applications.
> > Changes since ARIA 1.1 can be found at
> https://raw.githack.com/w3c/aria/2020-09_CR/index.html#substantive-changes-since-the-last-public-working-draft
> and consist mostly of the addition of roles to get closer to parity with
> HTML in order to allow the creation of accessible web components.
> >
> >
> > This specification is in the “almost CR” stage of development, so we
> expect it
> > to transition, in more or less its current form, after completing
> horizontal
> > review.
> >
> > We do not have a privacy and security section as there was no content to
> add.
> >
> > Please raise any issues in the ARIA GitHub repo:
> >     https://github.com/w3c/aria/issues
> > and let us know when you have completed your review.
> >
> >
> > = Self-Review Questionnaire: Security and Privacy =
> >
> > 2.1 What information might this feature expose to Web sites or other
> parties,
> > and for what purposes is that exposure necessary?
> >
> > None. The specification enables authors to create information to be
> exposed to the accessibility APIs.
> >
> > 2.2 Is this specification exposing the minimum amount of information
> necessary
> > to power the feature?
> >
> > Yes
> >
> > 2.3 How does this specification deal with personal information or
> > personally-identifiable information or information derived thereof?
> >
> > Not applicable
> >
> > 2.4 How does this specification deal with sensitive information?
> >
> > Not applicable
> >
> > 2.5 Does this specification introduce new state for an origin that
> persists
> > across browsing sessions?
> >
> > No
> >
> > 2.6 What information from the underlying platform, e.g. configuration
> data, is
> > exposed by this specification to an origin?
> >
> > None
> >
> > 2.7 Does this specification allow an origin access to sensors on a
> user’s device
> >
> > No
> >
> > 2.8 What data does this specification expose to an origin? Please also
> > document what data is identical to data exposed by other features, in
> the same
> > or different contexts.
> >
> > None
> >
> > 2.9 Does this specification enable new script execution/loading
> mechanisms?
> >
> > No
> >
> > 2.10 Does this specification allow an origin to access other devices?
> >
> > No
> >
> > 2.11 Does this specification allow an origin some measure of control
> over a
> > user agent’s native UI?
> >
> > No
> >
> > 2.12 What temporary identifiers might this this specification create or
> expose
> > to the web?
> >
> > None
> >
> > 2.13 How does this specification distinguish between behavior in
> first-party
> > and third-party contexts?
> >
> > Not applicable
> >
> > 2.14 How does this specification work in the context of a user agent’s
> Private
> > Browsing or "incognito" mode?
> >
> > No difference
> >
> > 2.15 Does this specification have a "Security Considerations" and
> "Privacy
> > Considerations" section?
> >
> > No
> >
> > 2.16 Does this specification allow downgrading default security
> characteristics?
> >
> > No
> >
> > 2.17 What should this questionnaire have asked?
> >
> > Nothing springs to mind.
> >
> > Regards,
> > James
>
>