Web Neural Network API 2022-03-25 > 2022-06-30

[anssiko]

In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments.

• name of spec to be reviewed: Web Neural Network API

• URL of spec: https://www.w3.org/TR/webnn/

• Does your document have an in-line Security Considerations section, separate from Privacy Considerations?

  • yes, see Security Considerations

• What and when is your next expected transition?

  • We expect to transition to CR by the end of 2022

• What has changed since any previous review?

  • This is the first security review request in this repo. The specification has received Chrome security team review during 12/2021-03/2022 and this review feedback has been incorporated into Security Considerations

• Please point to the results of your own self-review:

  • questionnaire responses and discussion

• Where and how to file issues arising?

  • w3c/webnn issues

• Pointer to any explainer for the spec?

  • explainer

Other comments:

• The group is working to address the in-line issues noted in the Security Considerations and address the security-tracker issues well ahead the expected CR transition

[anssiko]

@samuelweiler FYI, if helpful to security reviewers, I'm happy to put this topic on the WebML WG's agenda and invite security reviewers to attend as guests. We meet bi-weekly 04:00-05:00 UTC. We're also totally fine with the usual file issues to GH approach. Just wanted to offer an alternative option if whoever will be reviewing this would prefer synchronous interaction over GH.

[anssiko]

@samuelweiler, given there has been adequate time for review and no further questions, I assume we can consider this review completed.

As said in the initial request, this specification received substantial review from Chrome Security team during 12/2021-03/2022 that resulted in improved Security Considerations section. The WG decided to prominently surface related open issues in this section and is working toward solutions to these remaining issues.

[samuelweiler]

That's fine, yes.

[anssiko]

@samuelweiler thank you for confirming the security review of the WebNN API has been completed. The WG's wide review tracker https://github.com/webmachinelearning/webnn/issues/239 has been updated accordingly. Should any further feedback arise out of this review cycle, we welcome feedback via the GH repo issues.

[anssiko]

NB: I'm piggypacking on this issue to retain context rather than opening a new issue.

We're looking to publish a new CR Snapshot of the Web Neural Network API in Q1'24 and wanted to give you a heads up with the following high-level summary of changes for your information and review:

Since the initial Candidate Recommendation Snapshot the Working Group has gathered further implementation experience and added new operations and data types needed for well-known transformers to support generative AI use cases. In addition, the group has removed select features informed by this implementation experience: higher-level operations that can be expressed in terms of lower-level primitives in a performant manner, and support for synchronous execution. The group has also updated the specification to use modern authoring conventions to improve interoperability and precision of normative definitions and is developing a new feature, a backend-agnostic storage type, to improve performance and interoperability between the WebNN, WebGPU APIs and purpose-built hardware for ML.

Relevant to this security review forum, I want to acknowledge the continued, major contributions by the Chrome Security team in reviewing the cross-platform and cross-backend implementation of this API. This has resulted in hardening of the normative spec language around operations to guide implementers. We welcome any feedback from people watching this repo and welcome you to join the Web Machine Learning WG if you're interested in contributing to this API concretely.