Closed anssiko closed 8 months ago
anssiko
commented
9 months ago Please note we're updating 2.13 with more details, amendment under review in https://github.com/w3c/deviceorientation/pull/135
Edit: The PR was merged and the self-review 2.13 updated with the latest information.
anssiko
commented
8 months ago @pes10k we're looking to publish this spec soon, jointly with WebApps WG, and have indicated to horizontal groups our wish to complete the reviews by 2024-02-29. I know you're busy, so I'm happy to report @lknik already contributed to and reviewed Security and Privacy Self-Review Questionnaire https://github.com/w3c/deviceorientation/pull/126 for this spec, a contribution which I consider to be in part also a PING contribution. @lknik wearing many hats happens to be an Invited Expert in the DAS WG too, so we were lucky to capture his contributions early.
lknik
commented
8 months ago Yeah, accidentally I'm a member of DASWG for a while now :-) I consider that this spec is fine.
pes10k
commented
8 months ago Hello @anssiko , we'll be discussing the PING review at our next call on Thursday, March 7th, and so can hopefully close out the PING HR review issue then (depending on the discussion around that review)
plehegar
commented
8 months ago Speaking with my PING team contact hat, the PING will review the specification and, while having others reviewing the specification for privacy is certainly appreciated, it's not a substitute to the PING review.
pes10k
commented
8 months ago @rudametw and myself reviewed this spec, and discussed it with PING on our March 7th call. We did not identify any new issues in the spec, and we really appreciated the group's resolution to the SensorId issue (i.e., rounding all coordinates to the nearest tenth). So I'll close this issue out now.
I wanted to note that we think https://github.com/w3c/deviceorientation/issues/87 needs to be addressed though before the spec moves forward
anssiko
commented
8 months ago Thanks again @pes10k @rudametw and the PING crew for your review!
We're happy to hear the SensorId issue was appropriately handled. It was a lot of work and we couldn't have done that without help from your group.
We discussed https://github.com/w3c/deviceorientation/issues/87 in https://www.w3.org/2024/02/12-dap-minutes.html#t06 and have reached out to implementers to understand what frequency caps are in place currently (not so straight-forward because implementations poll backends).
The WG believes this issue won't block the imminent CR Snapshot refresh, but we'll make sure this issue is addressed satisfactorily prior to the transition to Proposed Rec. I made a note to future self to review this particular issue again with you when we have all the data from implementers and a solution proposal. We believe the CRS will help drive this to a resolution.
I added an inline issue for this, @pes10k PTAL https://github.com/w3c/deviceorientation/pull/144
pes10k
commented
8 months ago @anssiko that looks good, as long as the issue gets resolved before moving to proposed rec, then 👍
name of spec to be reviewed: DeviceOrientation Event Specification
URL of spec: https://www.w3.org/TR/orientation-event/
What and when is your next expected transition? A new CR Snapshot expected in March 2024
What has changed since any previous review? https://www.w3.org/TR/orientation-event/#changes
Does your document have an in-line Privacy Considerations section, ideally one separate from the Security Considerations? https://www.w3.org/TR/orientation-event/#security-and-privacy
Please point to the results of your own self-review https://github.com/w3c/deviceorientation/blob/main/security-privacy-self-assessment.md
Where and how to file issues arising? https://github.com/w3c/deviceorientation/issues
Pointer to any explainer for the spec? https://w3c.github.io/motion-sensors/
Other comments:
This spec initially reached CR in August 2016 (history) and was retired in 2017 due to the Geolocation WG closure. In 2019 DAS WG adopted this spec and during 2019-2024 made substantial interoperability, test automation, privacy and editorial improvements as outlined in the changes section.
These changes since the previous CR Snapshot from 2016 align the specification with widely available implementations, improve interoperability including testability, and add new features for enhanced privacy protections. For privacy, notably changes include the added requestPermission() method, added [SecureContext] gating to all API surfaces, making of security and privacy considerations normative and added Permissions Policy integration.
The Security and Privacy Self-Review Questionnaire self-assessment expands on a few areas that may benefit from your comment and review prior to our expected publication. Feedback on other aspects is also welcome.
Thank you for your privacy review!