Initial security and privacy considerations #38
Conversation
This PR is a good first stab at this important section.
We should augment this section when we make further progress and check that we consider all applicable questions in https://www.w3.org/TR/security-privacy-questionnaire/ ... that we'll do in separate PRs.
index.bs (outdated)
Personally identifiable information {#security-pii}
---------------------------------------------------
The peer attributes, such as the nickname and device model, are provided to give minimal context to a connected peer. This information could be used in conjunction with other information for fingerprinting the user. However, this information is only available to an origin after it has been authenticated and a user has given explicit concent to make the connection to the remote peer.
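Review bot: In the last sentence of this paragraph, "after it has been authenticated" is ambiguous about what is being authenticated, the origin or the remote peer. The Device Access section in the same PR says the user must [=authenticate a local peer=], so consider "only available to an origin after the remote peer has been authenticated and the user has given explicit consent to make the connection to it", which also makes the fingerprinting mitigation explicit: both a peer authentication and a per-origin consent gate sit in front of the attributes.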
s/concent/consent
index.bs (outdated)
User interface guidelines {#security-ui}
----------------------------------------
When the user is asked permission to connect to a peer, the user agent should make it clear what origin the request is coming from.
s/asked/asked to grant
index.bs (outdated)
This document extends the Web platform with the ability to set up real-time, direct communication between browsers and other devices, including other browsers, within the local area network.

This means that data and media can be shared between applications running in different browsers, or between an application running in the same browser and something that is not a browser, something that is an extension to the usual barriers in the Web model against sending data between entities with different origins.
Maybe instead of "something", refer to "another user agent that is not a browser"? E.g. headless services are considered UAs per https://en.wikipedia.org/wiki/User_agent
Rewording proposal, feel free to adjust this to capture the intent:
This means that data and media can be shared between applications running in different browsers, or between an application running in the browser and another user agent that is not a browser, such as a headless service. This extends the usual barriers in the Web's security model that prevent sending data between entities with different origins.
In this proposal, replace "a headless service" with a better example, or add a more representative example of another user agent that is not a browser.
I took this over from https://www.w3.org/TR/webrtc/#impact-on-same-origin-policy. I wonder if this is almost purposefully vague.
Do you feel "smart fridge" or "robot mower" qualify as a good example or would it conflate the point (since you have to realize that these devices would have to purposefully speak the protocol)?
Maybe a "smart TV" would be an example more people could relate to? I concur a smart TV can have its own browser too, so maybe "a headless service provided by a smart TV or smart fridge" drives the message home? Feel free to propose what you see fit. I agree the webrtc text is vague so it is appropriate to patch it to make it fit this scenario better, be more concrete.
index.bs (outdated)
Device Access {#security-device-access}
---------------------------------------
The Local Peer to Peer API requires user permission for a page to access any peers. The API uses purpose-fit protocols for data communication. It cannot be used to connect to raw sockets or unknowing HTTP servers. In addition, a user must [=acquire a local peer grant=] by explicitly providing consenting for an origin to connect to a peer. In addition, a user must [=authenticate a local peer=] before use.
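Review bot: "by explicitly providing consenting for an origin to connect to a peer" is ungrammatical; suggest "by explicitly consenting to an origin connecting to a peer". Two consecutive sentences open with "In addition", and the two user obligations they introduce (the grant and the peer authentication) are the core of the access-control story, so consider merging them into one sentence that states the order in which they happen, e.g. "A user must [=authenticate a local peer=] before use, and must [=acquire a local peer grant=] by explicitly consenting to an origin connecting to that peer." Also, "unknowing HTTP servers" reads oddly; if the intent is that the API cannot be pointed at servers that do not implement the protocol, say that directly.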
s/Local Peer to Peer API/Local Peer-to-Peer API
index.bs (outdated)
Issue(WICG/local-peer-to-peer#15): Define filtering to provide additional context, related:

Impact on same origin policy {#security-same-origin}
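Review bot: The issue block ends with a dangling "related:" followed by nothing, so either the list of related items was dropped from the diff or the trailing word should be removed before this lands; as written the reader is left without the context the note promises.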
s/same origin/same-origin
Thanks a ton for the reviews @anssiko 🙏