Improve security section to address TAG feedback #811

Closed
mlagally opened this issue Jul 21, 2022 · 3 comments
Labels
by CR transition P1 tag-needs-resolution Issue the Technical Architecture Group has raised and looks for a response on.

Comments

@mlagally
Contributor

See w3ctag/design-reviews#736 for details.

@mlagally mlagally changed the title Improce security section to address TAG feedback Improve security section to address TAG feedback Jul 21, 2022
@rhiaro
Member

rhiaro commented Jul 25, 2022

Just so people don't need to keep clicking around, I'll paste my feedback on Security & Privacy here as well:

Overall we are happy with the direction, and really appreciate the extensive security and privacy work that has been done. Treating all Thing Descriptions as if they contain PII is a sensible precaution. Making the Security and Privacy considerations normative makes a strong statement, though we'd like to know how you have been testing these requirements for conformance purposes?

The spec refers normatively to the Security and Privacy Guidelines, but this is a NOTE, not a normative document and so can't be used as a normative reference. Are you planning to republish the Guidelines at some point (as it seems to have been updated since its last publication)? Also the Security Best Practices document appears to currently be unpublished - what status are you planning to give to this? How does it relate to the Guidelines?

@mlagally
Contributor Author

mlagally commented Sep 1, 2022

Discussion in Arch call on 1. Sept:
It is planned to update the "Security and Privacy" document this fall as it is an informative document.
However, some constraints are essential, e.g. using recent versions of TLS.
We define these as part of the normative S&P section of the architecture document.

We will change the references to the "Security and Privacy" document to "informative".

@mlagally
Contributor Author

Arch call on Sept 22: S&P reference was changed to informative.

@ylafon ylafon removed the tag-needs-resolution Issue the Technical Architecture Group has raised and looks for a response on. label Nov 18, 2022
@w3cbot w3cbot added the tag-needs-resolution Issue the Technical Architecture Group has raised and looks for a response on. label Nov 19, 2022