Merge pull request #781 from mmccool/define-trusted-environment

Define Trusted Environment
w3c · Jun 30, 2022 · 2c11dd0 · 2c11dd0
2 parents c34d7a5 + a27f9aa
commit 2c11dd0
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/index.html b/index.html
@@ -809,6 +809,13 @@ <h1>Terminology</h1>
         constraints on options or subprotocol mechanisms.
         Examples are HTTP, CoAP, or MQTT.
       </dd>
+      <dt>
+        <dfn>Trusted Environment</dfn>
+      </dt>
+      <dd>Set of devices that assume each other's claims of
+        identity are authentic without proof and allow relatively unrestricted
+        access to one another over a common protected network.
+      </dd>
       <dt>
         <dfn>Virtual Thing</dfn>
       </dt>
@@ -1253,7 +1260,7 @@ <h1>Common Deployment Patterns</h1>
       that are defined in later sections of this specification.
     </p>
     <p>
-    This section also makes use of the concept of a Trusted Environment,
+    This section also makes use of the concept of a <a>Trusted Environment</a>,
     which is a set of devices that allow relatively unrestricted
     access to one another.  This is a common approach but carries some
     risks, which are discussed in section
@@ -4269,16 +4276,16 @@ <h2>Trusted Environment Risks</h2>
       In section
       <a href="#sec-common-deployment-patterns"></a>
       several usage scenarios are presented
-      that include the concept of a trusted environment and a security 
-      boundary. Entities that are members of a trusted environment
+      that include the concept of a <a>Trusted Environment</a> and a security 
+      boundary. Entities that are members of a <a>Trusted Environment</a>
       all share access to a common set of resources (such as a local
       network) and are implictly granted certain access rights to
       each other.  A common example would be a WiFi LAN in the home
       where access to the WEP password allows devices to communicate
       with each other without any further access controls.
       Allowing implicit access rights like this and using a single
       shared secret for a large number of entities means that a single
-      malicious actor with access to the trusted environment can
+      malicious actor with access to the <a>Trusted Environment</a> can
       cause significant damage.
       </p>
       <p>