Re: [w3ctag/design-reviews] Extending the PointerEvent with Unique DeviceId Attribute (Issue #880) from Sahir Vellani on 2023-07-28 (public-webapps-github@w3.org from July 2023)

From: Sahir Vellani <notifications@github.com>
Date: Fri, 28 Jul 2023 11:45:58 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/880/1656176336@github.com>

> 01.  What information does this feature expose, and for what purposes?
It exposes a mapped device id of pen devices in a pointer event, for the purpose of identifying that hardware for the document session. A use case is multi-pen input on one device at the same time, and assigning a different color to each pen.
> 02.  Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?
Yes
> 03.  Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?
No personal information or PII is exposed, only the fact that a user is using a pen device and how many pens they use.
> 04.  How do the features in your specification deal with sensitive information?
Sensitive information like the hardware id are not exposed.
> 05.  Do the features in your specification introduce state that persists across browsing sessions?
No.
> 06.  Do the features in your specification expose information about the underlying platform to origins?
No.
> 07.  Does this specification allow an origin to send data to the underlying platform?
No.
> 08.  Do features in this specification enable access to device sensors?
No.
> 09.  Do features in this specification enable new script execution/loading mechanisms?
No.
> 10.  Do features in this specification allow an origin to access other devices?
No.
> 11.  Do features in this specification allow an origin some measure of control over a user agent's native UI?
No.
> 12.  What temporary identifiers do the features in this specification create or expose to the web?
A device id.
> 13.  How does this specification distinguish between behavior in first-party and third-party contexts?
Same as pointer events.
> 14.  How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
No change.
> 15.  Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
Yes.
> 16.  Do features in your specification enable origins to downgrade default security protections?
No.
> 17.  What happens when a document that uses your feature is kept alive in BFCache instead of getting destroyed) after navigation, and potentially gets reused on future navigations back to the document?
The device Id's would not be reset; in chromium they are assigned a value from 2 onwards, with the first device to interact getting 2.
> 18.  What happens when a document that uses your feature gets disconnected?
No change.
> 19.  What should this questionnaire have asked?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/880#issuecomment-1656176336
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/880/1656176336@github.com>

Received on Friday, 28 July 2023 18:46:04 UTC