From ae7840d0923a63703e8a45810b4ea09d856f3ed5 Mon Sep 17 00:00:00 2001 From: Peter Thatcher Date: Fri, 18 Oct 2019 11:27:59 -0700 Subject: [PATCH 1/2] Add security and privacy questionaire --- security-privacy-questionaire.md | 97 ++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 security-privacy-questionaire.md diff --git a/security-privacy-questionaire.md b/security-privacy-questionaire.md new file mode 100644 index 00000000..de673975 --- /dev/null +++ b/security-privacy-questionaire.md @@ -0,0 +1,97 @@ +# WebCodecs - Security and Privacy Questionnaire + +This document answers the [W3C Security and Privacy +Questionnaire](https://www.w3.org/TR/security-privacy-questionnaire/) for the +WebCodecs specification. + +Last Update: 2019-10-18 + +**2.1. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?** + +This feature may expose additional information about what media a user agent is +capable of encoding or decoding. Such information is largely already available +through other media APIs such as MediaRecorder, Media Source Extensions, WebRTC, +and Media Capabilities, but lower-level media APIs, such as this one may subtly +expose more information or make it easier to obtain the same information. For +example, this feature may expose timing information about how long media takes +to encode and/or decode. + +This is a necessary part of exposing a lower-level API that provides more direct +control. + + +**2.2. Is this specification exposing the minimum amount of information necessary to power the feature?** + +Yes. It will only expose information when it is necessary to expose controls. +For example, if a necessary control is added, then it would be easy to derive +whether the user agent is capable of supporting that control by attempting to +use it and seeing if it fails. + +**2.3. How does this specification deal with personal information or personally-identifiable information or information derived thereof?** + +There is no PII involved. + +**2.4. How does this specification deal with sensitive information?** + +It will avoid exposing information about the user's hardware, operating system, +etc, such as model names of hardware decoders or versions of software encoder +implementations. + +**2.5. Does this specification introduce new state for an origin that persists across browsing sessions?** + +No. + +**2.6. What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin? If so, is the information exposed from the underlying platform consistent across origins? This includes but is not limited to information relating to the user configuration, system information including sensors, and communication methods.** + +As noted above, it may indirectly expose what the underlying platform is capable +of (which is largely possible already), but such information would be consistent +across origins and owuld not be related to user configuration. + +**2.7. Does this specification allow an origin access to sensors on a user's device?** + +No. + +**2.8. What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.** + +As noted above, it exposes information about what a platform is capable of in +terms of encoding and decoding, which is already possible via other media APIs +such as MediaRecorder, Media Source Extensions, WebRTC, and MediaCapabilities, +but may subtly expose more information such as more specific timing information. + +**2.9. Does this specification enable new script execution/loading mechanisms?** + +No. + +**2.10. Does this specification allow an origin to access other devices?** + +No. + +**2.11. Does this specification allow an origin some measure of control over a user agent's native UI?** + +No. + +**2.12. What temporary identifiers might this this specification create or expose to the web?** + +None. + +**2.13. How does this specification distinguish between behavior in first-party and third-party contexts?** + +The specificiation does not distinguish between 1st and 3rd party. + +**2.14. How does this specification work in the context of a user agent's Private Browsing or "incognito" mode?** + +The specification behaves in the same way. + +**2.15. Does this specification have a "Security Considerations" and "Privacy Considerations" section?** + +Not yet, as the specification hasn't been formally written. When it is written, +it should careful consider what new information is available that was not +already available with existing media APIs. + +**2.16. Does this specification allow downgrading default security characteristics?** + +No. + +**2.17. What should this questionnaire have asked?** + +No comment. From 3e6bac0d4841b7552c619d6559c7df2eb08a972c Mon Sep 17 00:00:00 2001 From: Peter Thatcher Date: Fri, 18 Oct 2019 11:38:19 -0700 Subject: [PATCH 2/2] Spell questionnaire correctly. --- ...y-privacy-questionaire.md => security-privacy-questionnaire.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename security-privacy-questionaire.md => security-privacy-questionnaire.md (100%) diff --git a/security-privacy-questionaire.md b/security-privacy-questionnaire.md similarity index 100% rename from security-privacy-questionaire.md rename to security-privacy-questionnaire.md