diff --git a/WritingSuggestions/tag-security-privacy-writingsuggestions.md b/WritingSuggestions/tag-security-privacy-writingsuggestions.md new file mode 100644 index 00000000..46aa0bed --- /dev/null +++ b/WritingSuggestions/tag-security-privacy-writingsuggestions.md @@ -0,0 +1,97 @@ +### Questions from https://www.w3.org/TR/security-privacy-questionnaire/ + +## 2. Questions to Consider + +### 2.1. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary? + +None. + +### 2.2. Do features in your specification expose the minimum amount of information necessary to enable their intended uses? + +Yes. + +### 2.3. How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them? + +No PII or any information derived from them is exposed via this API. + +### 2.4. How do the features in your specification deal with sensitive information? + +This feature doesn't deal with any sensitive information. + +### 2.5. Do the features in your specification introduce new state for an origin that persists across browsing sessions? + +No. + +### 2.6. Do the features in your specification expose information about the underlying platform to origins? + +No. + +### 2.7. Does this specification allow an origin to send data to the underlying platform? + +No. + +### 2.8. Do features in this specification enable access to device sensors? + +No. + +### 2.9. Do features in this specification enable new script execution/loading mechanisms? + +No. + +### 2.10. Do features in this specification allow an origin to access other devices? + +No. + +### 2.11. Do features in this specification allow an origin some measure of control over a user agent’s native UI? + +No. + +### 2.12. What temporary identifiers do the features in this specification create or expose to the web? + +None. + +### 2.13. How does this specification distinguish between behavior in first-party and third-party contexts? + +This feature does not have behavioral differences between first and third party contexts. + +### 2.14. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode? + +No differences in private browsing or incognito mode. + +### 2.15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections? + +N/A + +### 2.16. Do features in your specification enable origins to downgrade default security protections? + +No. + +### 2.17. How does your feature handle non-"fully active" documents? + +No differences in behavior between active and non-active documents. + +### 2.18. What should this questionnaire have asked? + +N/A + +## 3. Threat Models + +### 3.1. Passive Network Attackers + +No threat. + +### 3.2. Active Network Attackers + +No threat. + +### 3.3. Same-Origin Policy Violations + +No threat. + +### 3.4. Third-Party Tracking + +No threat. + +### 3.5. Legitimate Misuse + +No threat.