Re: Privacy review request for Accessible Rich Internet Applications (WAI-ARIA) 1.2 from James Nurthen on 2020-12-16 (public-privacy@w3.org from October to December 2020)

From: James Nurthen <nurthen@adobe.com>
Date: Wed, 16 Dec 2020 19:34:31 +0000
To: Shivan Kaul Sahib <shivankaulsahib@gmail.com>, Christine Runnegar <runnegar@isoc.org>
CC: "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <BY5PR02MB6979103A4E73AFD6C7B39CCFA6C50@BY5PR02MB6979.namprd02.prod.outlook.com>

Thanks.
As this is not a new issue in ARIA 1.2 can we address this in the ARIA 1.3 timeframe which is currently under active development? The plan is currently for a first public working draft early in the new year and a wide review draft in the first half of next year.

Regards,
James

James Nurthen (he/him)  |  Accessibility Engineer  |  Adobe  |  T 415 832 2734  |  nurthen@adobe.com



From: Shivan Kaul Sahib <shivankaulsahib@gmail.com>
Date: Wednesday, December 16, 2020 at 9:53 AM
To: Christine Runnegar <runnegar@isoc.org>
Cc: James Nurthen <nurthen@adobe.com>, public-privacy@w3.org <public-privacy@w3.org>
Subject: Re: Privacy review request for Accessible Rich Internet Applications (WAI-ARIA) 1.2
Hi James, thanks for bringing this to PING! I looked at the spec and filed https://github.com/w3c/aria/issues/1371

On Mon, Nov 2, 2020 at 3:23 PM Christine Runnegar <runnegar@isoc.org<mailto:runnegar@isoc.org>> wrote:
Thanks for sending in this request James. We will assign the review at our next PING meeting on 5 November 2020.

Christine

> On Oct 27, 2020, at 3:08 PM, James Nurthen <nurthen@adobe.com<mailto:nurthen@adobe.com>> wrote:
>
> The ARIA WG requests formal review of the Accessible Rich Internet Applications (WAI-ARIA) 1.2 CR:
>    https://raw.githack.com/w3c/aria/2020-09_CR/index.html
>
>
> This specification provides a framework to improve the accessibility and interoperability of web content and applications.
> Changes since ARIA 1.1 can be found at https://raw.githack.com/w3c/aria/2020-09_CR/index.html#substantive-changes-since-the-last-public-working-draft and consist mostly of the addition of roles to get closer to parity with HTML in order to allow the creation of accessible web components.
>
>
> This specification is in the “almost CR” stage of development, so we expect it
> to transition, in more or less its current form, after completing horizontal
> review.
>
> We do not have a privacy and security section as there was no content to add.
>
> Please raise any issues in the ARIA GitHub repo:
>     https://github.com/w3c/aria/issues
> and let us know when you have completed your review.
>
>
> = Self-Review Questionnaire: Security and Privacy =
>
> 2.1 What information might this feature expose to Web sites or other parties,
> and for what purposes is that exposure necessary?
>
> None. The specification enables authors to create information to be exposed to the accessibility APIs.
>
> 2.2 Is this specification exposing the minimum amount of information necessary
> to power the feature?
>
> Yes
>
> 2.3 How does this specification deal with personal information or
> personally-identifiable information or information derived thereof?
>
> Not applicable
>
> 2.4 How does this specification deal with sensitive information?
>
> Not applicable
>
> 2.5 Does this specification introduce new state for an origin that persists
> across browsing sessions?
>
> No
>
> 2.6 What information from the underlying platform, e.g. configuration data, is
> exposed by this specification to an origin?
>
> None
>
> 2.7 Does this specification allow an origin access to sensors on a user’s device
>
> No
>
> 2.8 What data does this specification expose to an origin? Please also
> document what data is identical to data exposed by other features, in the same
> or different contexts.
>
> None
>
> 2.9 Does this specification enable new script execution/loading mechanisms?
>
> No
>
> 2.10 Does this specification allow an origin to access other devices?
>
> No
>
> 2.11 Does this specification allow an origin some measure of control over a
> user agent’s native UI?
>
> No
>
> 2.12 What temporary identifiers might this this specification create or expose
> to the web?
>
> None
>
> 2.13 How does this specification distinguish between behavior in first-party
> and third-party contexts?
>
> Not applicable
>
> 2.14 How does this specification work in the context of a user agent’s Private
> Browsing or "incognito" mode?
>
> No difference
>
> 2.15 Does this specification have a "Security Considerations" and "Privacy
> Considerations" section?
>
> No
>
> 2.16 Does this specification allow downgrading default security characteristics?
>
> No
>
> 2.17 What should this questionnaire have asked?
>
> Nothing springs to mind.
>
> Regards,
> James

Received on Wednesday, 16 December 2020 19:34:48 UTC