New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Complete Security and Privacy section #257
Changes from 3 commits
fad91a1
d3bdd76
223c622
014cebc
20d5590
f772d29
0632789
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2360,7 +2360,6 @@ <h3> | |
<h2> | ||
Security and privacy considerations | ||
</h2> | ||
<div class="issue" data-number="45"></div> | ||
<h3> | ||
Personally identifiable information | ||
</h3> | ||
|
@@ -2373,6 +2372,15 @@ <h3> | |
However, this information is also dependent on the user's local network | ||
context, so the risk is minimized. | ||
</p> | ||
<p> | ||
The API enables <a href= | ||
"#monitoring-the-list-of-available-presentation-displays">monitoring | ||
the list of available presentation displays</a>. How the user agent | ||
determines the compatibility and availability of a presentation display | ||
with a given URL is an implementation detail. This feature can be used | ||
to probe information about DIAL applications the user has installed on | ||
the presentation display without user interaction. | ||
</p> | ||
<h3> | ||
Cross-origin access | ||
</h3> | ||
|
@@ -2497,10 +2505,12 @@ <h3> | |
The set of presentations known to the user agent should be cleared when | ||
the user requests to "clear browsing data." | ||
</p> | ||
<div class="issue"> | ||
The spec should clarify what is to happen to the set of known | ||
presentations in "incognito" (private browsing context) mode. | ||
</div> | ||
<p> | ||
When in private browsing mode ("incognito"), the set of presentations | ||
known to the user agent must be initially empty, and all state | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this needs to be more specific - are we making a requirement of the controlling or receiving user agent? What if I start a presentation from a non-incognito context - would I be allowed to connect to it from an incognito context (similar to connecting to it from another device)? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I recalled the receiving UA to be de facto in incognito, but notice that is not specified. Thus I was thinking controlling UA here initially. Now I realize this needs to be clarified. Feel free to amend the PR. Re session started from non-incognito, then connected to from incognito. Wouldn't it be bad UX to deny this? How about asking the UA to explain to the user incognito in such a case may not work as expected? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Updated the PR to clarify that this applies to the controlling user agent. I think stating that there are no presentation connections inherited from the existing (non-incognito) session is the right assertion. If the user explicitly creates a connection via Updated the wording to try to capture this. |
||
associated with the browsing session must be made unavailable after the | ||
session terminates. | ||
</p> | ||
<h3> | ||
Messaging between presentation connections | ||
</h3> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe,
Also, add a reference for DIAL?
http://www.dial-multiscreen.org/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good suggestion. Please feel free to update the PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.