Fwd: Consolidating PING Privacy Guidance from Samuel Weiler on 2018-07-10 (www-tag@w3.org from July 2018)

From: Samuel Weiler <weiler@w3.org>
Date: Tue, 10 Jul 2018 13:56:16 -0400
To: www-tag@w3.org
Cc: Christine Runnegar <runnegar@isoc.org>
Message-ID: <20f75286-7fa6-3ecb-54b8-3e97415f99d2@w3.org>

Colleagues of the TAG,

What progress have you made in consolidating our security and privacy 
guidance and questionaires?  What would be most helpful to you in moving 
that project along?

The ever-helpful Jason Novak (Apple) and Nick Doty (Berkeley) dug up a 
list of _nine_ such documents.  Christine Runnegar (Privacy IG co-chair) 
and I have allocated some cycles for this topic this coming Saturday, 
and I want to make sure that what we do supports (and doesn't duplicate 
or hinder!) work you already have in process.

-- Sam




---------- Forwarded message ----------
From: *Jason A. Novak* <jnovak@apple.com <mailto:jnovak@apple.com>>
Date: Mon, Jul 2, 2018 at 12:46 PM
Subject: Consolidating PING Privacy Guidance
To: Tara Whalen <tjwhalen@gmail.com <mailto:tjwhalen@gmail.com>>, 
Christine Runnegar <runnegar@isoc.org <mailto:runnegar@isoc.org>>
Cc: Nick Doty <npdoty@ischool.berkeley.edu 
<mailto:npdoty@ischool.berkeley.edu>>


Hi Tara and Christine -

Nick and I were working through the Gamepad API action items from the 
last call, and, in doing so, realized that we had 9 different documents 
that we could folks to as they develop their specifications:

     https://www.w3.org/wiki/Privacy/Privacy_Considerations
     <https://www.w3.org/wiki/Privacy/Privacy_Considerations>
     https://www.w3.org/TR/security-privacy-questionnaire/
     <https://www.w3.org/TR/security-privacy-questionnaire/>
     https://www.w3.org/TR/fingerprinting-guidance/
     <https://www.w3.org/TR/fingerprinting-guidance/>
     https://w3c.github.io/privacy-considerations/
     <https://w3c.github.io/privacy-considerations/>
     http://yrlesru.github.io/SPA/
     https://cdn.rawgit.com/w3c/ping/master/privacy-questions.html
     <https://cdn.rawgit.com/w3c/ping/master/privacy-questions.html>
     https://www.w3.org/wiki/Privacy_and_security_questionnaire
     <https://www.w3.org/wiki/Privacy_and_security_questionnaire>
     https://gnorcie.github.io/ping-privacy-questions/
     <https://gnorcie.github.io/ping-privacy-questions/>
     https://w3ctag.github.io/security-questionnaire/
     <https://w3ctag.github.io/security-questionnaire/>


There appears to be a lot of overlap between them and there’s not a 
clear “this document is the one to follow” — while the TAG one certainly 
is the most “definitive”, it also hasn’t been updated since 2015.

I think that at TPAC last fall, we had a discussion about consolidating 
these documents and issuing an update.  Can we put that on the agenda 
for the next PING call?

Thanks!
Jason

Received on Tuesday, 10 July 2018 17:56:21 UTC