Add security and privacy questionnaire #195
> 07. Do the features in your specification expose information about the underlying platform to origins?
>
> No.
Well, it could, right? It exposes whatever you want to ask of the agent, if the agent considers it appropriate to expose this information.
So you could write a do_thing(os_name, os_version, cpu_model) tool and, say, a local command line agent could easily supply that information.
WebMCP is a "dumb pipe", in that sense.
I guess I'd slightly push back and say in that case, it's not our "features" that are exposing any information about the underlying platform. It's the agent that's exposing it. Just like it might in a standard HTML form without WebMCP. Maybe we should clarify that here. How about:
No, WebMCP does not expose information about the underlying platform, but an agent with access to the platform could choose to expose such information through a tool call. However, this exposure is dependent on agent behavior, and is not specifically made possible by WebMCP.
Something like that seems totally fine, yeah. It's still a machine to machine sort of interface, so it's important to call out any data can be transferred.
> It's the agent that's exposing it. Just like it might in a standard HTML form without WebMCP.
This comes up a lot. Having this written out once in a canonical location in the spec's security and privacy considerations seems like it could be helpful.
> 09. Do features in this specification enable access to device sensors?
>
> No.
Like the above, that depends on how it's used. I think it's fair to say "no" here, but we should note the general "pipe-to-powerful-agent" nature of the API.
I think in the spirit of treating the agent like an extension of the user, it would be the equivalent of a pre-AI website asking the user to: "Input in this HTML form the result of running the FOO operation on the Bluetooth device plugged into your laptop". We wouldn't really say that this site "enables access to device sensors" if the user follows these instructions. I think this question is more reserved for deterministic privileged access that wasn't possible via script before.
Well the difference is that in this case it can be done semi-automatically without the human explicitly sharing the data, depending on the agent implementation. I generally agree with your sentiment here, but as per the above it should be pointed out that agents can do anything.
Sorry for the delay, a few comments but L (pretty) GTM already! :)
domfarolino left a comment
Overall it looks like we're pretty close, but there are a few open threads to resolve:
Co-authored-by: Dominic Farolino <domfarolino@gmail.com>
Addresses #193
cc: @bwalderman @johannhof @domfarolino