Update security and privacy self assesment documents

Signed-off-by: Arnaud Mandy <arnaud.mandy@intel.com>

security-privacy-self-assessment.html

@@ -185,7 +185,8 @@ <h3 id="2-4-how-does-this-specification-deal-with-sensitive-information-">
       first-party and third-party contexts?
     </h3>
     <p>
-      The specified API will not be available in third-party contexts.
+      The specified API will be available in third-part contexts via iframe
+      guarded by permission policy and focus requirements.
     </p>
     <h3 id=
     "2-14-how-does-this-specification-work-in-the-context-of-a-user-agent-s-private-browsing-or-incognito-mode-">
@@ -202,6 +203,9 @@ <h3 id="2-4-how-does-this-specification-deal-with-sensitive-information-">
       2.15. Does this specification have a "Security Considerations" and
       "Privacy Considerations" section?
     </h3>
+    <p>
+      Yes.
+    </p>
     <h3 id=
     "2-16-does-this-specification-allow-downgrading-default-security-characteristics-">
       2.16. Does this specification allow downgrading default security

security-privacy-self-assessment.md

@@ -107,7 +107,8 @@ however, we think our mitigations would prevent this risk.
 
 ### 2.13. How does this specification distinguish between behavior in first-party and third-party contexts?
 
-The specified API will not be available in third-party contexts.
+The specified API will be available in third-part contexts via iframe
+guarded by permission policy and focus requirements.
 
 ### 2.14. How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode?
 
@@ -117,6 +118,8 @@ normal and Private Browsing modes.
 
 ### 2.15. Does this specification have a "Security Considerations" and "Privacy Considerations" section?
 
+Yes.
+
 ### 2.16. Does this specification allow downgrading default security characteristics?
 
 No.