Re: Request for security and privacy review of the Geolocation API Specification

Magnus Nyström did this review and filed several issues at 
https://github.com/w3c/geolocation-api/issues.  Thank you, Magnus.

Others are welcome to chime in also.  While I'm recruiting individuals 
to look at specs in some depth, more eyes are most welcome.

-- Sam


On 6/23/20 11:26 PM, Fuqiao Xue wrote:
> Hi,
> 
> The Devices and Sensors WG plans to publish a new REC of the Geolocation 
> API Specification and requests a security and privacy review. Here's the 
> current ED:
> 
>     https://w3c.github.io/geolocation-api/
> 
> This specification defines an API that provides scripted access to 
> geographical location information associated with the hosting device. It 
> is now maintained by the Devices and Sensors WG, and contains the 
> following substantive changes since the last REC:
> 
>     - Now Controlled by feature policy
>     - Fixed confusion around callback interfaces not being an EventHandler
>     - Only expose the API in SecureContexts
>     - Renamed the interfaces and dictionaries + removal of 
> [NoInterfaceObject] + [SameObject] annotation on geolocation attribute
> 
> (Note that the DAS WG is also working on a new API based on the Generic 
> Sensor API: https://w3c.github.io/geolocation-sensor/ )
> 
> Here's a link to the Security and privacy considerations section: 
> https://w3c.github.io/geolocation-api/#security
> 
> Please file issues at
> https://github.com/w3c/geolocation-api/issues
> 
> Thanks,
> 
> Fuqiao
> 

Received on Tuesday, 11 August 2020 23:15:06 UTC