Response to the Privacy & Security Self-Review Questionnaire for the RDF specifications

# Privacy & Security Self-Review Questionnaire

[https://www.w3.org/TR/security-privacy-questionnaire](https://www.w3.org/TR/security-privacy-questionnaire)

[2.1 What information does this feature expose, and for what purposes?](https://www.w3.org/TR/security-privacy-questionnaire/#purpose)

→As a generic data model, RDF in itself or its implementations do not expose any information. The information represented *in* RDF, and for what purpose, is application-dependent.

[2.2 Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?](https://www.w3.org/TR/security-privacy-questionnaire/#minimum-data)

→Cf. 2.1.

[2.3 Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?](https://www.w3.org/TR/security-privacy-questionnaire/#personal-data)

→Cf. 2.1.

[2.4 How do the features in your specification deal with sensitive information?](https://www.w3.org/TR/security-privacy-questionnaire/#sensitive-data)

→Cf. 2.1.

[2.5 Does data exposed by your specification carry related but distinct information that may not be obvious to users?](https://www.w3.org/TR/security-privacy-questionnaire/#hidden-data)

→Cf. 2.1.

[2.6 Do the features in your specification introduce state that persists across browsing sessions?](https://www.w3.org/TR/security-privacy-questionnaire/#persistent-origin-specific-state)

→No

[2.7 Do the features in your specification expose information about the underlying platform to origins?](https://www.w3.org/TR/security-privacy-questionnaire/#underlying-platform-data)

→No

[2.8 Does this specification allow an origin to send data to the underlying platform?](https://www.w3.org/TR/security-privacy-questionnaire/#send-to-platform)

→No

[2.9 Do features in this specification enable access to device sensors?](https://www.w3.org/TR/security-privacy-questionnaire/#sensor-data)

→No

[2.10 Do features in this specification enable new script execution/loading mechanisms?](https://www.w3.org/TR/security-privacy-questionnaire/#string-to-script)

→No

[2.11 Do features in this specification allow an origin to access other devices?](https://www.w3.org/TR/security-privacy-questionnaire/#remote-device)

→No

[2.12 Do features in this specification allow an origin some measure of control over a user agent’s native UI?](https://www.w3.org/TR/security-privacy-questionnaire/#native-ui)

→No

[2.13 What temporary identifiers do the features in this specification create or expose to the web?](https://www.w3.org/TR/security-privacy-questionnaire/#temporary-id)

→No

[2.14 How does this specification distinguish between behavior in first-party and third-party contexts?](https://www.w3.org/TR/security-privacy-questionnaire/#first-third-party)

→The RDF family of specification is independent from browsers, and therefore the notions of first-party and third-party context do not apply.

[2.15 How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?](https://www.w3.org/TR/security-privacy-questionnaire/#private-browsing)

→N/A, cf. 2.14.

[2.16 Does this specification have both "Security Considerations" and "Privacy Considerations" sections?](https://www.w3.org/TR/security-privacy-questionnaire/#considerations)

→Yes

[2.17 Do features in your specification enable origins to downgrade default security protections?](https://www.w3.org/TR/security-privacy-questionnaire/#relaxed-sop)

→No, cf. 2.14.

[2.18 What happens when a document that uses your feature is kept alive in BFCache (instead of getting destroyed) after navigation, and potentially gets reused on future navigations back to the document?](https://www.w3.org/TR/security-privacy-questionnaire/#bfcache)

→N/A, cf. 2.14.

[2.19 What happens when a document that uses your feature gets disconnected?](https://www.w3.org/TR/security-privacy-questionnaire/#non-fully-active)

→N/A, cf. 2.14.

[2.20 Does your spec define when and how new kinds of errors should be raised?](https://www.w3.org/TR/security-privacy-questionnaire/#error-handling)

→RDF specifications define error conditions when parsing documents in concrete syntaxes, but these error conditions depend exclusively on the data being parsed, not on the user’s context. Therefore, they should not represent a security or privacy issue.

[2.21 Does your feature allow sites to learn about the user’s use of assistive technology?](https://www.w3.org/TR/security-privacy-questionnaire/#accessibility-devices)

→No

[2.22 What should this questionnaire have asked?](https://www.w3.org/TR/security-privacy-questionnaire/#missing-questions)

→No suggestion.

## Scope

This self-assessment applies to the whole family of RDF 1.2 specifications:

* [RDF12-NEW](https://github.com/w3c/rdf-new)  
* [RDF12-CONCEPTS](https://github.com/w3c/rdf-concepts)  
* [RDF12-N-QUADS](https://github.com/w3c/rdf-n-quads)  
* [RDF12-N-TRIPLES](https://github.com/w3c/rdf-n-triples)  
* [RDF12-PRIMER](https://github.com/w3c/rdf-primer)  
* [RDF12-SCHEMA](https://github.com/w3c/rdf-schema)  
* [RDF12-SEMANTICS](https://github.com/w3c/rdf-semantics)  
* [RDF12-TRIG](https://github.com/w3c/rdf-trig)  
* [RDF12-TURTLE](https://github.com/w3c/rdf-turtle)  
* [RDF12-XML](https://github.com/w3c/rdf-xml)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Response to the Privacy & Security Self-Review Questionnaire for the RDF specifications #180

Privacy & Security Self-Review Questionnaire

Scope

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Response to the Privacy & Security Self-Review Questionnaire for the RDF specifications #180

Description

Privacy & Security Self-Review Questionnaire

Scope

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions