Port Security & Privacy considerations from docs/#181
Open
johannhof wants to merge 1 commit into
Open
Conversation
Contributor
Author
|
@victorhuangwq heads up - I discussed with @domfarolino that it would make sense to move this over, given that we've received feedback in various places that it isn't straightforward to find the S&P considerations. |
Contributor
|
I think just moving over the port for now and then land other major changes in separate PRs make sense. Thanks! |
This is a relatively straightforward and direct port of the existing privacy and security considerations doc (docs/security-privacy-considerations.md) to the spec, in the hopes of making it easy to review and avoid repeating lengthy discussions on this text. I have removed various sections that feel out of place in a spec, such as "Next Steps" and "Open Questions" (both were not very substantive so I think it's fine to leave them removed). I've also made minor modifications based on a quick review of the content to make sure it makes sense in the context of the spec. Finally, I've added a section for cross-origin boundaries considerations that we should use to describe risks in exposing tools across different origins and how developers can utilize features such as the permissions policy to keep their users safe.
johannhof
force-pushed
the
spec-security-privacy-considerations
branch
from
cb27898 to
aa654b6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a relatively straightforward and direct port of the existing privacy and security considerations doc (docs/security-privacy-considerations.md) to the spec, in the hopes of making it easy to review and avoid repeating lengthy discussions on this text.
I have removed various sections that feel out of place in a spec, such as "Next Steps" and "Open Questions" (both were not very substantive so I think it's fine to leave them removed).
I've also made minor modifications based on a quick review of the content to make sure it makes sense in the context of the spec.
Finally, I've added a section for cross-origin boundaries considerations that we should use to describe risks in exposing tools across different origins and how developers can utilize features such as the permissions policy to keep their users safe.
Preview | Diff