RfC: wide review of Sensor APIs Pre-CR WDs

# Kostiainen, Anssi (4 days ago)

WG,

The Device and Sensors Working Group requests review of the following specification before 2017-12-31:

Generic Sensor API www.w3.org/TR/generic-sensor

Including the following concrete sensor specifications that extend the Generic Sensor API:

Ambient Light Sensor www.w3.org/TR/ambient-light

Accelerometer www.w3.org/TR/accelerometer

Gyroscope www.w3.org/TR/gyroscope

Magnetometer www.w3.org/TR/magnetometer

Orientation Sensor www.w3.org/TR/orientation-sensor

Informative background material (not in scope of the wide review):

Motion Sensors Explainer w3c.github.io/motion-sensors

Sensor Use Cases w3c.github.io/sensors/usecases

In particular the group requests review of the use of Permissions, Feature Policy, and Secure Contexts specifications.

The group requests feedback via the respective specifications' GitHub repositories, or via email to public-device-apis@w3.org.

These publications are Pre-Candidate Recommendation Drafts under the 2017 Process [1]. Therefore, the group is looking for confirmation that it has satisfied its relevant technical requirements and dependencies with other groups.

Thanks,

-Anssi (Device and Sensors WG Chair)

[1] www.w3.org/wiki/DocumentReview

Contact us to advertise here
# Jochen Eisinger (3 days ago)

The WebAppSec WG doesn't review other WGs specs. Please reach out to the www.w3.org/Security/wiki/IG and work with the browser vendors involved in your WG to have their respective security teams support you.

Best Jochen

Kostiainen, Anssi anssi.kostiainen@intel.com schrieb am Fr., 20. Okt.

2017, 10:28:

# Kostiainen, Anssi (a day ago)

[+W3C Team contacts Dom & Wendy to clarify wide review expectations.]

Hi Jochen,

On 21 Oct 2017, at 10.11, Jochen Eisinger eisinger@google.com wrote:

Hi!

The WebAppSec WG doesn't review other WGs specs.

Is that the WebAppSec WG's official position?

I'm asking, since that's in conflict with the Document Review best practices (and advise I got from W3C Staff):

[[

Which group(s) should be asked to review a document?

All group charters should include information about the groups and external liaisons that are interested in particular documents. At a minimum, those groups should be included in all review request for their related document(s).

www.w3.org/wiki/DocumentReview#Who_to_ask_for_review.3F

]]

The Device and Sensors WG has WebAppSec WG as a dependency in its charter, since practically all of its specs depend on WebAppSec specs:

www.w3.org/2016/03/device-sensors-wg-charter.html#coordination

Device and Sensors WG's expectation was WebAppSec WG would be interested in reviewing the use of these dependencies as noted in the wide review request to WebAppSec WG:

[[

In particular the group requests review of the use of Permissions, Feature Policy, and Secure Contexts specifications.

]]

(Granted, the Feature Policy spec is still in WICG, but should still be of interest to this group. We reach out to WICG separately on that one.)

Please reach out to the www.w3.org/Security/wiki/IG

We reached out to the Security IG too as part of the wide review:

lists.w3.org/Archives/Public/public-web-security/2017Oct/0001.html

... and asked them to focus their review on security considerations in general.

(That said, we have observed the IG has not been very responsive recently and wide review requests have fallen through the cracks -- but that's an issue of its own.)

and work with the browser vendors involved in your WG to have their respective security teams support you.

The Chrome Security team has been closely involved throughout the implementation of these specs, and the APIs in scope for this wide review have passed their scrutiny and are now shipping as an Origin Trial starting in Chrome 63 Beta.

Hopefully this clears up some confusion around expectations for wide review.

All that said, the Device and Sensors WG is welcoming any feedback from WebAppSec WG.

We're not asking you to do a full-blown review unless you really want to, all we want is get feedback on the use of Permissions and Secure Contexts (and as a bonus Feature Policy). My apologies, if the expected scope of the review was not clear enough in the wide review request.

Thanks,

-Anssi (Device and Sensors WG Chair)

# Jochen Eisinger (a day ago)

On Mon, Oct 23, 2017 at 1:50 PM Kostiainen, Anssi anssi.kostiainen@intel.com wrote:

[+W3C Team contacts Dom & Wendy to clarify wide review expectations.]

Hi Jochen,

On 21 Oct 2017, at 10.11, Jochen Eisinger eisinger@google.com wrote:

Hi!

The WebAppSec WG doesn't review other WGs specs.

Is that the WebAppSec WG's official position?

I'm asking, since that's in conflict with the Document Review best practices (and advise I got from W3C Staff):

[[

Which group(s) should be asked to review a document?

All group charters should include information about the groups and external liaisons that are interested in particular documents. At a minimum, those groups should be included in all review request for their related document(s).

www.w3.org/wiki/DocumentReview#Who_to_ask_for_review.3F

]]

The Device and Sensors WG has WebAppSec WG as a dependency in its charter, since practically all of its specs depend on WebAppSec specs:

www.w3.org/2016/03/device-sensors-wg-charter.html#coordination

Device and Sensors WG's expectation was WebAppSec WG would be interested in reviewing the use of these dependencies as noted in the wide review request to WebAppSec WG:

[[

In particular the group requests review of the use of Permissions, Feature Policy, and Secure Contexts specifications.

]]

(Granted, the Feature Policy spec is still in WICG, but should still be of interest to this group. We reach out to WICG separately on that one.)

Please reach out to the www.w3.org/Security/wiki/IG

We reached out to the Security IG too as part of the wide review:

lists.w3.org/Archives/Public/public-web-security/2017Oct/0001.html

... and asked them to focus their review on security considerations in general.

(That said, we have observed the IG has not been very responsive recently and wide review requests have fallen through the cracks -- but that's an issue of its own.)

and work with the browser vendors involved in your WG to have their respective security teams support you.

The Chrome Security team has been closely involved throughout the implementation of these specs, and the APIs in scope for this wide review have passed their scrutiny and are now shipping as an Origin Trial starting in Chrome 63 Beta.

Hopefully this clears up some confusion around expectations for wide review.

All that said, the Device and Sensors WG is welcoming any feedback from WebAppSec WG.

We're not asking you to do a full-blown review unless you really want to, all we want is get feedback on the use of Permissions and Secure Contexts (and as a bonus Feature Policy). My apologies, if the expected scope of the review was not clear enough in the wide review request.

Thanks for the clarification!

I read your initial email as a general review requests as part of ticking off checkboxes to move to CR.

From the charter, it reads more like the intended interaction would have

been way earlier? Giving substantial input on the specs at a point where they're already in origin trial in Chrome, and about to move to CR sounds difficult :/

Maybe that's a question for Wendy et al. Is a sign-off as a last step before CR the kind of interaction you intended?

best

Want more features?

Request early access to our private beta of readable email premium.