Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Links from sec/priv sections back to normative mitigations? #53

Closed
samuelweiler opened this issue Jan 14, 2021 · 2 comments · Fixed by #138
Closed

Links from sec/priv sections back to normative mitigations? #53

samuelweiler opened this issue Jan 14, 2021 · 2 comments · Fixed by #138
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-needs-resolution Issue the security Group has raised and looks for a response on.

Comments

@samuelweiler
Copy link
Member

Section 8.2 is marked as non-normative summary of "some of the mitigation strategies specified in the normative sections of this specification." Would you add links back to the normative text for each mitigation?

Ideally, please also split security and privacy concerns into separate sections, as requested in the current questionnaire.
@samuelweiler samuelweiler added privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-needs-resolution Issue the security Group has raised and looks for a response on. labels Jan 14, 2021
This was referenced Jan 14, 2021
Closed
Closed
@anssiko
Copy link
Member

anssiko commented Feb 5, 2021

I believe this is the informative-to-normative text mapping:

If we want to go more specific than that with these links, would need to add dfns to the algorithm steps.

@samuelweiler does PING have a convention for annotating such informative-to-normative mapping in web specs? Need to be careful to not mix informative and normative text, maybe wrap in a note?

darktears added a commit to darktears/device-posture that referenced this issue Mar 15, 2024
@darktears
More work on the privacy section.
93a00fd 
- Remove the focus part of the spec, it's not implemented anyway.
- Link the IDL section when covering the secure context.
- Link the posture change steps for the visibility part.

Closes w3c#53
@darktears darktears mentioned this issue Mar 15, 2024
Merged
darktears added a commit to darktears/device-posture that referenced this issue Mar 15, 2024
@darktears
More work on the privacy section.
86ffea6 
- Remove the focus part of the spec, it's not implemented anyway.
- Link the IDL section when covering the secure context.
- Link the posture change steps for the visibility part.

Closes w3c#53
darktears added a commit to darktears/device-posture that referenced this issue Mar 15, 2024
@darktears
More work on the privacy section.
315d86e 
- Remove the focus part of the spec, it's not implemented anyway.
- Link the IDL section when covering the secure context.
- Link the posture change steps for the visibility part.

Closes w3c#53
darktears added a commit that referenced this issue Mar 15, 2024
@darktears
More work on the privacy section. (#138)
c9fa5db 
- Remove the focus part of the spec, it's not implemented anyway.
- Link the IDL section when covering the secure context.
- Link the posture change steps for the visibility part.

Closes #53
@darktears
Copy link
Contributor

darktears commented Mar 15, 2024
edited
Loading

With #138 and #132 we did

  • Split the security and privacy sections
  • Make the mitigations strategies normative
  • Linked each of the mitigations to the respective part in the spec that define them.
  • Removed the focused area mitigation. It doesn't seem relevant at the moment provided that the API is less sensible that where it was borrowed from.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-needs-resolution Issue the security Group has raised and looks for a response on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

More work on the privacy section. darktears/device-posture
3 participants
@darktears @anssiko @samuelweiler