BCC: www-tag@, public-webapps@, public-privacy@, public-geolocation@ in the hopes of spurring "wide" review.
I've done a bit of polishing on https://w3c.github.io/webappsec/specs/powerfulfeatures/ over the last few days, and I think it's worth folks' time to take another look at the document. In particular, I've addressed some of Boris' concerns from way back in June/July (sorry it took so long!), and clarified the algorithms with what I hope are helpful examples. Outstanding issues are noted at https://github.com/w3c/webappsec/labels/SECURE. w3c/webappsec#406 <https://github.com/w3c/webappsec/issues/406> is probably the most interesting of these. I'd appreciate feedback on the document, either on public-webapp...@w3.org, or via GitHub at https://github.com/w3c/webappsec/issues/new?title=SECURE:%20 -- Mike West <mk...@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)