An array of tools to ensure security and privacy of the Open Web Platform
As noted in "Better specifications for the sake of the Web" last month, W3C conducts wide reviews for an ever-increasing number of specifications; and Virginie and Richard provided some tips to make those reviews more effective. We’re pleased to add more tools, focused on privacy and security on the Web.
Today, the Technical Architecture Group (TAG) published a Self-Review Questionnaire: Security and Privacy, a high-level tool to help editors and Working Groups spot security and privacy issues of a new feature or specification early on. This document will evolve based on feedback received from those who use it.
As one simple nudge for specification authors, we can also update the software commonly used for spec writing to remind editors to include a privacy and security considerations section, as has been done in Bikeshed and discussed for ReSpec.
The Privacy Interest Group (PING) has recently published a draft of Fingerprinting Guidance for Web Specification Authors, which aims to provide advice for mitigating browser fingerprintability in the development of new Web features. In addition, PING, working with the TAG, is developing a more detailed questionnaire for experts in privacy and security who are reviewing documents from W3C Working Groups, to supplement editors’ self-review.
Interest Groups, including the Privacy Interest Group and Web Security Interest Group, look at these privacy and security topics in particular, and welcome comments from all. Indeed, comments, issues or even GitHub pull requests are invited for all of the documents mentioned above; you can help all the W3C groups who will refer to these documents with your reviews now.
Experience shows that people, process and tools combined can make the Web more private and secure; see, for example, research presented earlier this year. Tips for spotting issues to review, tools for conducting in-depth reviews and a vibrant community of interested reviewers fit together to provide stronger security and privacy for the Open Web Platform.