security and privacy check list

[himorin]

• [ ] What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
  • This module defines how Gamepad-style inputs, as defined by the Gamepad spec, should be surfaced in relation to Immersive hardware input, as defined by the WebXR spec. No new information is exposed, and some restrictions are placed on the data the Gamepad spec produces in this context.
• [ ] Do features in your specification expose the minimum amount of information necessary to enable their intended uses?
  • this module removed text ID of gamepad spec. this module adds some restriction to be picked as an input hardware for gamepads module, but the same judgement is possible through checking hardware via gamepad spec
• [ ] How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?
  • rely on gamepad specification for exposing input device
• [ ] How do the features in your specification deal with sensitive information?
  • rely on gamepad specification for exposing input device
• [ ] Do the features in your specification introduce new state for an origin that persists across browsing sessions?
  • no across sessions
• [ ] Do the features in your specification expose information about the underlying platform to origins?
  • no information to origin
• [ ] Does this specification allow an origin to send data to the underlying platform?
  • No. It only reports device input.
• [ ] Do features in this specification enable access to device sensors?
  • Access to input device with thumbsticks, touchpads, and/or buttons. Restriction in gamepad specification applies
• [ ] Do features in this specification enable new script execution/loading mechanisms?
  • no
• [ ] Do features in this specification allow an origin to access other devices?
  • no
• [ ] Do features in this specification allow an origin some measure of control over a user agent’s native UI?
  • no, just an input device
• [ ] What temporary identifiers do the features in this specification create or expose to the web?
  • no. this module specifically restrict that text ID of gamepad specification to be '' (blank string)
• [ ] How does this specification distinguish between behavior in first-party and third-party contexts?
  • no third-party context
• [ ] How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
  • just act as an input device, restrictions on information exposure are the same
• [ ] Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
  • yes
• [ ] Do features in your specification enable origins to downgrade default security protections?
  • no downgrading
• [ ] How does your feature handle non-"fully active" documents?
  • this module is an input device, no non-fully active

3 Threat Models

[himorin]

@toji, if possible, please cross check on this

[toji]

LGTM! Made a couple of edits for clarity.