W3C home > Mailing lists > Public > public-tt@w3.org > July 2017

FW: [DRAFT] horizontal review request to the TAG with Self-Review Questionnaire.

From: Nigel Megitt <nigel.megitt@bbc.co.uk>
Date: Thu, 27 Jul 2017 14:46:41 +0000
To: Timed Text Working Group <public-tt@w3.org>
Message-ID: <D59FBB33.45443%nigel.megitt@bbc.co.uk>
Thanks Thierry for putting this together, it looks good to me:

On 24/07/2017, 09:15, "Thierry MICHEL" <tmichel@w3.org> wrote:

>Nigel, Glenn,
>
>This is a DRAFT of the horizontal review request to the TAG including
>the Self-Review Questionnaire: Security and Privacy [6]
>
>Please review this message.
>
>The TAG document [5] does not really say where to send the self
>questionnaire answers. Therefore I plan to  send it to <www-tag@w3.org>.
>
>Horizontal Groups like WAI, I18N,  TAG etc, should track new FPWD and
>review those specs, without further notice.
>
>Thierry
>
>_______________________________
>
>
>Dear Technical Architecture Group,
>
>The W3C Timed Text Working Group has recently published a new working
>draft of the Timed Text Markup Language 2 (TTML2).
>
>https://www.w3.org/TR/2017/WD-ttml2-20170630/

>
>TTML2, provides a standardized representation of a particular subset of
>textual information with which stylistic, layout, and timing semantics
>are associated by an author or an authoring system for the purpose of
>interchange and processing.
>In addition to being used for interchange among legacy distribution
>content formats, TTML Content may be used directly as a distribution
>format, providing, for example, a standard content format to reference
>from a <track> element in an HTML5 document, or a <text> or <textstream>
>media element in a [SMIL 3.0] document.
>
>The TTML2 specification updates the TTML1 specification by adding
>vocabulary and semantics to address more of its core requirements,
>including the addition of support for:
>
>     raster images (both foreground and background)
>     author supplied fonts
>     audio descriptions and text to speech
>     ruby text annotations
>     improved vertical line layout
>     text emphasis, kerning, letter spacing, shadows, and variants
>     inline block layout
>     stereoscopic presentation (for 3-D viewing)
>     high definition resolution (HDR) presentation
>     continuous animation
>     hyperlinks
>     conditional element semantics
>     improved metadata extensibility
>     formalized intermediate document syntax
>     various other improvements and bug fixes
>
>The TTWG invites you to review this draft, and requests comments to be
>received by 30 Sept 2017. These comments will be used to fulfill the
>W3C Process [3] requirement for Wide Review of drafts, and  Horizontal
>Review [4]  prior to publication as Candidate Recommendation.
>
>If you wish to make comments regarding this document, please send them
>to public-tt@w3.org <mailto:public-tt@w3.org?subject=%5Bttml%5B> with
>[ttml2] at the start of your email's subject. All comments are welcome,
>however the scope of review will be mainly focused on the new features
>introduced in TTML2.
>
>A cumulative summary of all changes applied to this version since the
>current (TTML1, 2nd Edition) Recommendation was published is available
>for your convenience [5].
>
>
>
>
>The TTWG has also answered the Self-Review Questionnaire: Security and
>Privacy [6]. The TTWG answer are as follows:
>
>Questions to Consider:
>3.1 Does this specification deal with personally-identifiable
>information?
>--> NO it doesn't.
>
>3.2 Does this specification deal with high-value data?
>--> NO it doesn't.
>
>3.3 Does this specification introduce new state for an origin that
>persists across browsing sessions?
>--> NO it doesn't.
>
>3.4 Does this specification expose persistent, cross-origin state to the
>web?
>--> NO it doesn't.
>
>3.5 Does this specification expose any other data to an origin that it
>doesnt currently have access to?
>--> NO it doesn't.
>
>3.6 Does this specification enable new script execution/loading
>mechanisms?
>--> This question as worded is ambiguous to us; is it only about script
>loading and script execution ?
>In our case, a TTML2  document in which a change in the value of an
>externally passed in parameter or a media query (for example) may cause
>a modification of behavior, and this may lead to the loading of external
>resources including audio, images etc, though excluding scripts. We do
>not consider "condition" mechanism to be a scripting language.
>TTML2 allows loading of resources, just not scripts, and has fetch
>semantics by the introduction of external resource loading. It also
>allows the addition of links on spans that can have hyperlinks.
>It does not include or make reference to the processing of any script
>language, executable code or
>  of any external style sheet or style specification.
>
>
>3.7 Does this specification allow an origin access to a user's location?
>--> NO it doesn't.
>
>3.8 Does this specification allow an origin access to sensors on a
>users device?
>--> NO it doesn't.
>
>3.9 Does this specification allow an origin access to aspects of a
>user©ös local computing environment?
>--> NO it doesn't.
>
>3.10 Does this specification allow an origin access to other devices?
>--> NO it doesn't.
>
>3.11 Does this specification allow an origin some measure of control
>over a user agent©ös native UI?
>--> NO it doesn't.
>
>3.12 Does this specification expose temporary identifiers to the web?
>--> NO it doesn't.
>
>3.13 Does this specification distinguish between behavior in first-party
>and third-party contexts?
>--> NO it doesn't.
>
>3.14 How should this specification work in the context of a user agent's
>"incognito" mode?
>--> This specification has no impact on any incognito mode since the
>answer to all the questions about exposing details to origins are "No".
>
>3.15 Does this specification persist data to a user's local device?
>--> User agents may choose to cache referenced external resources; this
>implementation detail is not covered by this specification and the
>specification makes no explicit requirement for caching or non-caching
>of any external resource.
>
>3.16 Does this specification have a "Security Considerations" and
>"Privacy Considerations" section?
>--> YES it does, see
>
>https://www.w3.org/TR/ttml2/#security-and-privacy

>
>3.17 Does this specification allow downgrading default security
>characteristics?
>--> NO it doesn't.
>
>
>
>[1] TTML2 latest version https://www.w3.org/TR/ttml2/

>[2] TTML1 Recommendation https://www.w3.org/TR/ttml1/

>[3] W3C Process https://www.w3.org/2017/Process-20170301/

>[4] Horizontal Review
>https://www.w3.org/Guide/Charter.html#horizontal-review

>[5] https://www.w3.org/TR/security-privacy-questionnaire

>[6] https://www.w3.org/TR/2017/WD-ttml2-20170630/ttml2-changes.html

>
>
>On behalf of Nigel Megitt, co-Chair, W3C Timed Text Working Group
>Thierry Michel, Staff Contact for TTWG.



-----------------------------
http://www.bbc.co.uk

This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------
Received on Thursday, 27 July 2017 14:47:20 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 5 October 2017 18:24:41 UTC