Re: Privacy and security

Hi Igarashi-san,

Le 15/12/2015 07:34, Igarashi, Tatsuya a écrit :
>
> Hi,
>
> How about this paragraph about Privacy & Security requirements ?
>
> The API layer will meet the usual requirements of the Web runtime, 
> including privacy and security requirements. Specifically, the user 
> must always be in control of privacy-sensitive information that may be 
> conveyed through the APIs, such as the rendering of tuner output, or 
> channel configurations. In addition, the user must be able to browse 
> the web in secure way, including any functionality of tuners related 
> to TV services from third parties.
>

Thanks for the clarification. Now I understand the specific point that 
you wanted to make. Given the specific context, it seems a good idea to 
be explicit. I included the suggested text in the latest draft charter. 
I took the liberty to re-order words, hopefully so that the sentence 
reads even better.

I also followed your suggestion to drop the possibility to define a 
second level of conformance from the draft charter (and dropped the 
liaison with the Auto WG which I had added in the meantime and which was 
motivated by the need to discuss a different runtime):
  https://github.com/w3c/charter-drafts/commit/059563afd15a7587988f01b72e2bdd11dbd6c27c

Dropping this second level altogether may entail more work to address 
security/privacy issues for some of the features exposed by the API. I 
would say it is a good thing otherwise, be it only because it would 
avoid having to agree on what the second runtime could look like, 
something that has proven hard to achieve in the SysApps WG for instance.

I invite interested parties to evaluate this possibility and provide 
feedback on this specific update, as needed:
https://w3c.github.io/web-nfc/charter/

Francois.

Received on Tuesday, 15 December 2015 15:29:31 UTC