- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 29 Mar 2026 09:36:47 -0400
- To: Simone Onofri <simone@w3.org>
- Cc: public-security@w3.org, public-privacy@w3.org
On Sun, Mar 29, 2026 at 6:06 AM Simone Onofri <simone@w3.org> wrote: > For now, a common approach for review (I was reading the Privacy documentation, too) is precisely to understand the use cases (which are in the first sections of a specification), and then to use as a drive the security consideration sections to understand what the threats are and how they are managed, according to where the data pass (which is why one or more diagrams are useful). Thanks for the information, Simone. Unfortunately, it doesn't answer my question concretely. I'm not looking for a "you can do this, or you can do that" sort of response. I want to know what the review criteria are for new specifications going through the W3C Process. Is there an option to drop the Privacy and Security Considerations sections in lieu of a Threat Model? -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Sunday, 29 March 2026 13:37:28 UTC