ProfPrivacyAndSecurityQuestionnaire

From Dataset Exchange Working Group
Jump to: navigation, search

Contents

Introduction

Answers to the Self-Review Questionnaire: Security and Privacy for the Profiles Vocabulary specification.

Answers to the questionnaire

4.1. How does the specification deal with personal information allowing to single out the user?

This specification does not directly handle any personal information. This is a vocabulary of terms for describing relations between information objects.

Authors of information conforming to this vocabulary may choose to identify them selves as authors/creators of published information.


4.2. How does this specification deal with high-value data?

This specification does not deal with high-value data, only perhaps modelling of it. The metadata created according to PROF itself is not considered high-value data.


4.3. Might this specification introduce new state for an origin that persists across browsing sessions?

No. This specification is for metadata descriptions only, not live sessions.


4.4. Does this specification expose persistent, cross-origin state to the web?

No. As above.


4.5. Does this specification expose any other data to an origin that it doesn’t currently have access to?

Not. Decisions about persisting or otherwise exposing information created according to PROF are not addressed in this specification.


4.6. Does this specification enable new script execution/loading mechanisms?

No. This specification is not a functional specification.


4.7. Does this specification allow an origin access to a user’s location?

No. This specification is not a functional specification.


4.8. Does this specification allow an origin access to sensors on a user’s device?

No. This specification is not a functional specification.


4.9. Does this specification allow an origin access to aspects of a user’s local computing environment?

No. This specification is not a functional specification.


4.10. Does this specification allow an origin access to other devices?

No. This specification is not a functional specification.


4.11. Does this specification allow an origin some measure of control over a user agent’s native UI?

No. This specification is not a functional specification.


4.12. Does this specification expose temporary identifiers to the web?

No. Information objects modelled using this specification should use persistent URIs. Blank Nodes may also be used (locally-scoped URIs) however these are also persistent in relation to their parten data container (a document).


4.13. Does this specification distinguish between behavior in first-party and third-party contexts?

No. This specification does not address bhaviour of any form.


4.14. How does this specification work in the context of a user agent’s Private Browsing Modes mode?

This specification is unrelated to Private Browsing Modes mode or user sessions.


4.15. Does this specification persist data to a user’s local device?

No. Data persistence (information objects modelled according to PROF) are serverside information resources.


4.16. Does this specification have a "Security Considerations" and "Privacy Considerations" section?

Yes. Cf. https://www.w3.org/TR/dx-prof/#security_and_privacy


4.17. Does this specification allow downgrading default security characteristics?

No. No part of this specification accesses security characteristics.


4.18. Does this specification allow the persistent monitoring of user behavior?

No. This specification does not model behaviour of any sort or allow it to be modelled within its scope.