Self-Review Questionnaire: Interoperability, Choice, Accessibility and Accountability creative reuse of Security & Privacy questionnaire

[lknik]

Greetings,

Some time ago I wrote considerable chunks of the Self-Review Questionnaire: Security and Privacy, so imagine my confusion when I encountered (by quite an accident!) the WAB's Self-Review Questionnaire: Interoperability, Choice, Accessibility and Accountability. Specifically I note that it is quite creatively reusing the Security and Privacy Questionnaire. To better understand the issue, let's start at the introduction of the Self-Review Questionnaire: Interoperability, Choice, Accessibility and Accountability document:

New features make the web a stronger and livelier platform. Throughout the feature development process there are both foreseeable and unexpected impacts to multiple stakeholders. These risks may arise from the nature of the feature, some of its part(s), or unforeseen interactions with other features. Such risks and impacts may be mitigated through careful design and application of the principles and design patterns described below.

Standardizing web features presents unique challenges. Descriptions, protocols and algorithms need to be considered strictly before they are broadly adopted by vendors with large user bases. If features are found to have undesirable impacts on important stakeholder interests after they are standardized, then, it is better to transparently list these ahead of browser vendors implementations, to give opportunity for broader feedback.

Now let's have a look at the Security & Privacy document, also introduction section:

New features make the web a stronger and livelier platform. Throughout the feature development process there are both foreseeable and unexpected security and privacy risks. These risks may arise from the nature of the feature, some of its part(s), or unforeseen interactions with other features. Such risks and may be mitigated through careful design and application of security and privacy design patterns.

Standardizing web features presents unique challenges. Descriptions, protocols and algorithms need to be considered strictly before they are broadly adopted by vendors with large user bases. If features are found to have undesirable privacy properties after they are standardized, then, browser vendors may break compatibility in their implementations to protect users' privacy as the user agent is the user’s agent.

I guess you get the idea. Let's say it's quite creatively reused. While I understand the considerations of the Creative Commons 0 license, it still makes me wonder if this is simply OK from the 'good form' point of view. What do you think?
That said, I'm not sure how to fix such an issue other than citing in verbatim and providing a reference, which, I admit, would look quite awkward, unless anyone else has a better idea?

[wseltzer]

Thanks @lknik. Even under a CC0 license, it's appropriate to give attribution and to indicate by quotation when segments are taken directly from a source.

@jwrosewell could you take a look and add appropriate references to the Security and Privacy Self-Review in your Interoperability, Choice, Accessibility and Accountability document?

[jwrosewell]

@wseltzer I've created a pull request. Would you mind reviewing to ensure I've reflected the W3C licence correctly?

@lknik Thank you for reading and your work on the original document. I'd not appreciated material in this repository was not owned and licenced by the W3C and needed acknowldegement.

The next step with this document and it's companion is to move them into the Decentralized Web Interest Group should that be chartered at which point I believe it'll then become a W3C owned and licenced document. It is for this reason little work has been done on the document recently within the IWA BG.