anssiko
commented
4 months ago @darktears please check that the iframe-related bits reflect the latest in https://github.com/w3c/device-posture/issues/111 and propose changes as appropriate. I added an inline issue link for that in https://github.com/w3c/device-posture/pull/145/commits/9548e1e3b6deb3047a32444c282c14da7eea8f16 to bring this to the attention of privacy reviewers. Note I proposed to rename the section from "iframes" to "cross-origin iframes", while this applies to same-origin iframes equally. This was to highlight the cross-origin-ness that is of particular interest to privacy reviewers.
More generally, my expectation here is the specification as of now matches the ongoing Origin Trial feature scope. With the trial experience and feedback we're in a better position to make an informed decisions wrt iframe exposure and any other design aspects. I'm looking to initiate a PING review soon, so want to incorporate all information relevant to the reviewers in this privacy considerations section. I will also provide the self-assessment as an additional input. Please also check that resource is up to date.
Preview | Diff