Open tantek opened 1 month ago
I'm going to be participating in SING (once it is chartered), which I expect to take over these security request reviews, and will volunteer to review the W3C Vision document once that group is operational. Since that group doesn't exist yet, and I can't do the review in that capacity, I've performed a review in my capacity as an AC Rep.
Overall, the document is excellent. Thank you to those who have put the time and care into the creation of the document. The language is aligned with what I expect most of the W3C Members (that have been around for a while) believe the W3C is and does.
The document only mentions the word security once, in the context of thorough review, which is probably fine. It also only mentions safety once, and leans more on privacy than security in that reference. If there is no security on the Web, there is no safety and no trust. I'm struggling to think of what more we could say on the matter that wouldn't dive into the details, but the language seems a bit light on the security and safety front at the moment.
I found two other issues that were more concrete that I've already raised on the specification, here:
https://github.com/w3c/AB-public/issues/211
https://github.com/w3c/AB-public/issues/212
name of spec to be reviewed: Vision for W3C
URL of spec: https://www.w3.org/TR/2024/NOTE-w3c-vision-20241018/
Current Rec/Note phase? Note
What and when is your next expected transition? Statement, upon completion of wide and horizontal reviews, and AC vote.
What has changed since any previous review? No previous review.
Please point to the results of your [self-review] No technical security features.
Where and how to file issues arising? https://github.com/w3c/AB-public/issues/ and label "needed for Note" if an issue MUST be resolved before publishing an updated Note, or "needed for Statement" if an issue MUST be resolved before publishing a Statement draft for the AC to vote on.
Pointer to any explainer for the spec? https://www.w3.org/wiki/AB/2025_Priorities#Vision
Other comments:
The minimum horizontal review period of 28 days has been requested. Please feel free to request more time for horizontal review in a comment on this issue.