-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[meta] Wide review tracker #299
Comments
@dontcallmedom and @xfq, below I drafted a proposal for the wide review announcement to be sent to [email protected] using the RfC Template, please take a look:
In addition, my plan is to tailor separate wide review request mails or GitHub issues based on the above to the following (horizontal) groups indicating the focus areas of the wide review for each (inspired by the das-review proposal and previous wide review request): Overall design and integration in the platform, draft review request at #319
Some specific questions:
|
re reaching out to other potential groups, I suggest sending a mail to [email protected] as well - this serves as a catch-all for any group we might not have identified as relevant. +1 on using the TR draft URL for these review requests re subject line, I would say "s/Generic Sensor API/Sensor APIs", but otherwise LGTM +1 on keeping the mail short (i.e. no need to include background) - that said, we had mentioned including a reference to the motion sensor explainer as well to help reviewers |
Thanks @dontcallmedom, I will Bcc [email protected] in the mail sent to [email protected]. I updated the proposal per your feedback, added Motion Sensor Explainer and Sensor Use Cases document as "Informative background material (not in scope of the wide review)". |
I think "2014 Process" should be "2017 Process". |
@xfq, thanks! Fixed. The "2014 Process" part was inherited from the RfC template. Someone from W3C Staff should update it accordingly. I observe that neither the 2014 nor 2017 W3C Process document defines the term "pre-CR", also inherited from the RfC Template. It is defined only in https://www.w3.org/wiki/DocumentReview#Terminology_and_Abbreviations AFAICT. And that's what we reference in the wide review request proposal. |
All wide review requests have now been sent. I suggest we leave this meta issue open to track feedback received. |
The wide review period has ended. The group received feedback from the TAG, Security IG and Privacy IG, see #299 (comment) On the 11 Jan 2018 teleconference @alexshalamov and @pozdnyakov volunteered to start address the feedback. |
This is a summary of the proposed changes made to the specs in scope of this wide review based on TAG feedback at w3ctag/design-reviews#207. Here's how to read this response:
Official TAG review[Responses to the official TAG review feedback below.]
The objects are not singular. Different The default sensor concept https://w3c.github.io/sensors/#default-sensor allows this future extensibility:
See above. Already as of today, e.g. WebVR/XR [Device] API could use https://w3c.github.io/orientation-sensor/#orientationsensor-interface as a drop in placement and hook into the https://w3c.github.io/orientation-sensor/#construct-an-orientation-sensor-object The same applies to the Gamepad API. Research papers published on the topic indicate that by throttling the frequency, risks of successful attacks are not fully eliminated, while throttling may greatly affect usefulness of a web application with legitimate reasons to use the sensors. This is noted in https://w3c.github.io/accelerometer/#security-and-privacy
The spec already provides an extension point for implementations to do that by hooking into the Permissions API, see https://w3c.github.io/sensors/#request-sensor-access Other comments in the TAG review issue[Responses to the other comments made in the TAG review issue.]
These threats are Ambient Light Sensor specific per privacy expert review, and the concerns are noted in https://w3c.github.io/ambient-light/#security-and-privacy
Proposed changes: #347
Checks prior to
Generic Sensor API reuses
Generic Sensor API identifies a generic threat user identification which this is a special case of, see https://w3c.github.io/sensors/#user-identifying. Proposed changes: w3c/ambient-light#49 If there's a reference to a related paper or proof of concept that discusses this attack we'd like to reference it from the spec.
Generic Sensor API identifies device fingerprinting attack vector: Proposed changes: w3c/ambient-light#49
Proposed changes:
Keystroke monitoring attack vector is identified in the Generic Sensor API: https://w3c.github.io/sensors/#keystroke-monitoring Proposed changes: w3c/magnetometer#41
Proposed changes: #353 Security questionnaire comments[Responses to the questions regarding security questionnaire responses, specifically 3.5, 3.12 and 3.13.]
All sensor specifications conform to the same-origin policy.
The security questionnaire is concerned of explicit identifiers such as “TLS features like Channel ID, session identifiers/tickets” and as such it seems sensor readings would not be considered such identifiers.
According to the security questionnaire this question is applicable to the IETF Internet-Draft 6265 https://tools.ietf.org/html/draft-west-first-party-cookies-07 handled on the HTTP level. Proposed changes: #349
The group thinks this is a quality of implementation issue. Implementers are made aware of all known security and privacy issues in https://w3c.github.io/sensors/#security-and-privacy and for sensor-specific issues in respective concrete sensor specs to be able to make an informed decision in terms of maximum allowed frequency to satisfy their product requirements while ensuring their users’ security and privacy protection.
This is a generic concern that applies to any feature on the platform that has variance across implementations. The concern has been noted in https://w3c.github.io/sensors/#device-fingerprinting |
Per F2F resolution, the group will start the process to re-publish Generic Sensor API, Accelerometer, Gyroscope, and Orientation Sensor as Candidate Recommendations. As a prerequisite for re-publishing CRs, we must ask for wide review for the substantial delta since previous wide review. The proposal is to seek review from the following groups (in separate mails i.e. no crossposting):
Proposed Request for Comments mail:
Cc @xfq @reillyeon |
Wide review request mails have now been sent and the respective TAG issue has been notified. Deadline for comments was set as 2019-11-14. |
Wide review ended with no concerns. A paper trail at #299 (comment) Other feedback received from PING #396 #397 is being addressed by #400. Although this feedback goes beyond the requested wide review scope, I suggest we incorporate these proposed changes into the Generic Sensor API spec before we publish a revised CR. I'm working with @xfq and @reillyeon to get the revised CRs published at the earliest opportunity. |
All wide review feedback has been addressed and CR transition request w3c/transitions#189 submitted. |
As a requirement for publishing a specification as a Candidate Recommendation, the group:
To satisfy this requirement, we use this tracker issue as an evidence that wide review from horizontal groups has been received.
Scope
Use RfC Template.
Horizontal groups
Work through the Privacy Checklist (optional)Internationalization(not applicable)Work through the i18n ChecklistOpen a review request at https://github.com/w3c/i18n-activity/issues/Accessibility(not applicable)Work through the a11y Questionnaire and a11y ChecklistSend a review request to [email protected]Other groups
Other W3C Groups that have interactions with this work:
References:
The text was updated successfully, but these errors were encountered: