Re: [review] Performance API's, Security and Privacy from Ilya Grigorik on 2016-06-01 (public-webappsec@w3.org from June 2016)

From: Ilya Grigorik <igrigorik@gmail.com>
Date: Wed, 1 Jun 2016 13:56:47 -0700
To: Brad Hill <hillbrad@gmail.com>
Cc: Wendy Seltzer <wseltzer@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Todd Reifsteck <toddreif@microsoft.com>, Philippe Le Hégaret <plh@w3.org>
Message-ID: <CAKRe7JGGN7cLBBPiV9ic-bZSGCTc5PcWRyYDa4eJH=w3bGbAcA@mail.gmail.com>

Wendy: thanks! Followed up on GitHub.

Brad: yep, thanks, will do.

On Tue, May 31, 2016 at 3:50 PM, Brad Hill <hillbrad@gmail.com> wrote:

> Ilya,
>
> I suggest you also send this request to public-privacy@w3.org for review
> of the privacy aspects by the Privacy Interest Group and additionally
> solicit the Web Security Interest Group at public-web-security@w3.org for
> security review.
>
> thanks,
>
> Brad
>
> On Tue, May 31, 2016 at 2:42 PM Wendy Seltzer <wseltzer@w3.org> wrote:
>
>> Thanks for the ping. I opened a couple issues and an editorial PR.
>>
>> --Wendy
>>
>> On 05/31/2016 04:14 PM, Ilya Grigorik wrote:
>> > Forgot to mention. If you have any feedback, or spot any issues, please
>> > open an issue on GitHub:
>> > https://github.com/w3c/perf-security-privacy/issues
>> >
>> > thanks!
>> >
>> > *p.s. fixed a bunch of grammar and spelling issues -- thanks for
>> catching
>> > those!*
>> >
>> > On Wed, May 25, 2016 at 10:36 AM, Ilya Grigorik <igrigorik@gmail.com>
>> wrote:
>> >
>> >> Hey all.
>> >>
>> >> Would love to hear any thoughts or comments on a note we've been
>> working
>> >> on over at webperf (for motivation, see [1]):
>> >>
>> >> "The fact that something is possible to measure, and may even be highly
>> >> desirable and useful to expose to developers, does not meant that it
>> can be
>> >> exposed as runtime JavaScript API in the browser, due to various
>> privacy
>> >> and security constraints. The goal of this document is to explain why
>> that
>> >> is the case, and to provide guidance for what needs to be considered
>> when
>> >> making or evaluating a proposal for such APIs."
>> >>
>> >> https://w3c.github.io/perf-security-privacy/
>> >>
>> >> ig
>> >>
>> >> [1]
>> https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html
>> >>
>> >
>>
>>
>> --
>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
>> https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>>
>>
>>

Received on Wednesday, 1 June 2016 20:58:01 UTC