- From: Léonie Watson <tink@tink.uk>
- Date: Wed, 22 Feb 2017 10:31:32 +0100
- To: Jochen Eisinger <eisinger@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Cc: Steven Faulkner <sfaulkner@paciellogroup.com>

Thanks for letting me know jochen.

Looks like I received and/or misunderstood the advice I was given about pinging people for wide review. Please disregard any other requests I've sent through in recent months.

Léonie

--
@LeonieWatson tink.uk Carpe diem

On 22/02/2017 08:15, Jochen Eisinger wrote:
> Hey,
>
> thanks for answering the security questionnaire!
>
> The WebAppSec WG, however, is not conducting security reviews for other
> WGs - please contact the Web Security IG
> instead: https://www.w3.org/Security/wiki/IG
>
> best
> -jochen
>
> On Mon, Feb 13, 2017 at 1:00 PM Léonie Watson <tink@tink.uk> wrote:
>
>     Hello WebAppSec,
>
>     The WebPlat WG would welcome your review of the ARIA in HTML spec [1],
>     as we begin preparing for transition to CR.
>
>     We've completed the security/privacy questionnaire (answers below).
>
>     If possible we'd like your comments before 30th April. If this doesn't
>     look feasible though, let me know?
>
>     We prefer comments to be filed as issues on Github [1], but feel free to
>     send a summary and/or email pointing to the Github issues to
>     public-html@w3.org (especially if you
>     have no comments at all).
>
>     Thanks.
>     Léonie
>     [1] https://www.w3.org/TR/html-aria/
>     [2] https://github.com/w3c/html-aria/issues/
>
>     Answers to questionnaire:
>     • 3.1 Does this specification deal with personally-identifiable
>     information?
>     ◦ no
>
>     • 3.2 Does this specification deal with high-value data?
>     ◦ no
>
>     • 3.3 Does this specification introduce new state for an origin that
>     persists across browsing sessions?
>     ◦ no
>
>     • 3.4 Does this specification expose persistent, cross-origin state to
>     the web?
>     ◦ no
>
>     • 3.5 Does this specification expose any other data to an origin that it
>     doesn’t currently have access to?
>     ◦ no
>
>     • 3.6 Does this specification enable new script execution/loading
>     mechanisms?
>     ◦ no
>
>     • 3.7 Does this specification allow an origin access to a user’s
>     location?
>     ◦ no
>
>     • 3.8 Does this specification allow an origin access to sensors on a
>     user’s device?
>     ◦ no
>
>     • 3.9 Does this specification allow an origin access to aspects of a
>     user’s local computing environment?
>     ◦ no
>
>     • 3.10 Does this specification allow an origin access to other devices?
>     ◦ no
>
>     • 3.11 Does this specification allow an origin some measure of control
>     over a user agent’s native UI?
>     ◦ no
>
>     • 3.12 Does this specification expose temporary identifiers to the web?
>     ◦ no
>
>     • 3.13 Does this specification distinguish between behavior in
>     first-party and third-party contexts?
>     ◦ no
>
>     • 3.14 How should this specification work in the context of a user
>     agent’s "incognito" mode?
>     ◦ N/A
>
>     • 3.15 Does this specification persist data to a user’s local device?
>     ◦ no
>
>     • 3.16 Does this specification have a "Security Considerations" and
>     "Privacy Considerations" section?
>     ◦ no
>
>     • 3.17 Does this specification allow downgrading default security
>     characteristics?
>     ◦ no
>
>     --
>     @LeonieWatson tink.uk <http://tink.uk> Carpe diem
>

Received on Wednesday, 22 February 2017 09:32:08 UTC