Skip to content

Add security and privacy considerations for services. #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 12, 2024
Merged

Add security and privacy considerations for services. #101

merged 2 commits into from
Oct 12, 2024

Conversation

msporny
Copy link
Member

@msporny msporny commented Oct 6, 2024
edited by pr-preview bot
Loading

This PR was supposed to go in as a part of #99; it fixes broken links to sections in Privacy and Security Considerations related to services that were missing in PR #99.

Preview | Diff

TallTed
TallTed requested changes Oct 7, 2024
View reviewed changes
David-Chadwick
David-Chadwick approved these changes Oct 8, 2024
View reviewed changes
Copy link
Contributor

@David-Chadwick David-Chadwick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Subject to minor edits

index.html Outdated
If a [=controller document=] publishes a [=service=] intended for authentication
or authorization of the [=subject=] (see Section [[[#services]]]), it is the
responsibility of the [=service=] provider, [=subject=], and/or requesting party
to comply with the requirements of the authentication protocols supported at
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
to comply with the requirements of the authentication protocols supported at
to comply with the requirements of the authentication/authorization protocols supported at

Copy link
Member

@TallTed TallTed Oct 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My suggestion touches two lines.

index.html
<h2>Service Privacy</h2>
<p>
The ability for a [=controller=] to optionally express at least one [=service=] in the [=controller document=] increases their control and agency.
Each additional endpoint in the [=controller document=] adds privacy risk either
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Each additional endpoint in the [=controller document=] adds privacy risk either
Each additional endpoint in the [=controller document=] adds a privacy risk either

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeterminate privacy risk is added with each additional endpoint. It's not "one risk per endpoint". This a should not be inserted.

TallTed
TallTed reviewed Oct 8, 2024
View reviewed changes
@iherman
Copy link
Member

iherman commented Oct 10, 2024

The issue was discussed in a meeting on 2024-10-09

  • no resolutions were taken
View the transcript

3.5. Add security and privacy considerations for services. (pr controller-document#101)

See github pull request controller-document#101.

Manu Sporny: probably not valuable to look at open PRs, there is an open PR for adding new sections related to services to controller document that needs review. Effectively a copy paste from did core.

Brent Zundel: with that we are done for the day. Thank you folks for coming. Thank you Wes-smith for scribing. I will not be able to join the next call but decentralgabe will guest chair for us, we will discuss controller document PRs.
… thanks to the folks from Singapore for coming, we hope the use case discussions will prove fruitful.

@msporny @TallTed
Fix grammar in service considerations sections.
c3b1dab 
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
@msporny
Copy link
Member Author

msporny commented Oct 12, 2024

Editorial, multiple reviews, changes requested and made, no objections, merging.

@msporny msporny merged commit 839b4c0 into main Oct 12, 2024
1 check passed
@msporny msporny deleted the msporny-spc-missing-service branch October 12, 2024 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TallTed TallTed TallTed requested changes

@dlongley dlongley dlongley approved these changes

@iherman iherman iherman approved these changes

@PatStLouis PatStLouis PatStLouis approved these changes

@BigBlueHat BigBlueHat Awaiting requested review from BigBlueHat

@davidlehn davidlehn Awaiting requested review from davidlehn

@jandrieu jandrieu Awaiting requested review from jandrieu

@longpd longpd Awaiting requested review from longpd

@dmitrizagidulin dmitrizagidulin Awaiting requested review from dmitrizagidulin

@selfissued selfissued Awaiting requested review from selfissued selfissued is a code owner

@KDean-Dolphin KDean-Dolphin Awaiting requested review from KDean-Dolphin

@brentzundel brentzundel Awaiting requested review from brentzundel

+1 more reviewer

@David-Chadwick David-Chadwick David-Chadwick approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@msporny @iherman @dlongley @TallTed @David-Chadwick @PatStLouis