Create security-privacy-questionnaire.md

security-privacy-questionnaire.md

@@ -0,0 +1,71 @@
+1. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
+
+TBD
+
+2. Do features in your specification expose the minimum amount of information necessary to enable their intended uses?
+
+TBD
+
+3. How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?
+
+TBD
+
+4. How do the features in your specification deal with sensitive information?
+
+TBD
+
+5. Do the features in your specification introduce new state for an origin that persists across browsing sessions?
+
+TBD
+
+6. Do the features in your specification expose information about the underlying platform to origins?
+
+TBD
+
+7. Does this specification allow an origin to send data to the underlying platform?
+
+TBD
+
+8. Do features in this specification enable access to device sensors?
+
+TBD
+
+9. Do features in this specification enable new script execution/loading mechanisms?
+
+TBD
+
+10. Do features in this specification allow an origin to access other devices?
+
+TBD
+
+11. Do features in this specification allow an origin some measure of control over a user agent’s native UI?
+
+TBD
+
+12. What temporary identifiers do the features in this specification create or expose to the web?
+
+TBD
+
+13. How does this specification distinguish between behavior in first-party and third-party contexts?
+
+TBD
+
+14. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
+
+TBD
+
+15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
+
+TBD
+
+16. Do features in your specification enable origins to downgrade default security protections?
+
+TBD
+
+17. How does your feature handle non-"fully active" documents?
+
+TBD
+
+18. What should this questionnaire have asked?
+
+TBD