DeviceOrientation Event Specification 2024-01-29 > 2024-02-29

name of spec to be reviewed: DeviceOrientation Event Specification
URL of spec: https://www.w3.org/TR/orientation-event/
Does your document have an in-line Security Considerations section, ideally one separate from the Privacy Considerations? If not, corrrect that before proceeding further. https://www.w3.org/TR/orientation-event/#security-and-privacy
What and when is your next expected transition? A new CR Snapshot expected in March 2024
What has changed since any previous review? https://www.w3.org/TR/orientation-event/#changes
Please point to the results of your own self-review https://github.com/w3c/deviceorientation/blob/main/security-privacy-self-assessment.md
Where and how to file issues arising? https://github.com/w3c/deviceorientation/issues
Pointer to any explainer for the spec? https://w3c.github.io/motion-sensors/

Other comments:

This spec initially reached CR in August 2016 (history) and was retired in 2017 due to the Geolocation WG closure. In 2019 DAS WG adopted this spec and during 2019-2024 made substantial interoperability, test automation, privacy and editorial improvements as outlined in the changes section.

These changes since the previous CR Snapshot from 2016 align the specification with widely available implementations, improve interoperability including testability, and add new features for enhanced privacy protections.

For security, notably changes include the added requestPermission() method, added [SecureContext] gating to all API surfaces, making of security and privacy considerations normative and added Permissions Policy integration.

The Security and Privacy Self-Review Questionnaire self-assessment expands on a few areas that may benefit from your comment and review prior to our expected publication. Feedback on other aspects is also welcome.

Thank you for your security review!

w3c / security-request

DeviceOrientation Event Specification 2024-01-29 > 2024-02-29 #63