Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document privacy and security mitigations #675

Closed
5 tasks done
marcoscaceres opened this issue Jan 24, 2018 · 4 comments
Closed
5 tasks done

Document privacy and security mitigations #675

marcoscaceres opened this issue Jan 24, 2018 · 4 comments
Assignees
@ianbjacobs
Labels
CR-Exit Editorial

Comments

@marcoscaceres
Copy link
Member

marcoscaceres commented Jan 24, 2018
edited

As part of the CR process and through implementation/deployment, we've learned quite a bit about abuse cases. We should make sure we properly document all mitigations we've put in place without being hand-wavy - in the Privacy and Security section.

And so on... please add more to the above... those are just the ones off the top of my head.

cc @lknik.
@marcoscaceres marcoscaceres mentioned this issue Jan 24, 2018
Merged
@ianbjacobs
Copy link
Collaborator

Hi @marcoscaceres,

Want any help drafting text?

Ian

@marcoscaceres
Copy link
Member Author

Help is always welcomed, @ianbjacobs.

ianbjacobs added a commit that referenced this issue Feb 12, 2018
@ianbjacobs
https://github.com/w3c/payment-request/issues/675
7f3d280 
* Create single section for sec enhancements
* Move one of them from above and link to it
* Combine with existing bits about handler matching
@ianbjacobs ianbjacobs mentioned this issue Feb 12, 2018
Closed
1 task
@stpeter
Copy link

stpeter commented Mar 29, 2018

Both https://www.w3.org/TR/credential-management-1/ and https://www.w3.org/TR/encrypted-media/ have text we could emulate about secure contexts. The latter document especially has thorough sections on privacy and security.

ianbjacobs added a commit that referenced this issue Jun 26, 2018
@ianbjacobs
Added canMakePayment() section to privacy considerations, part of 675
e53988e 
#675
ianbjacobs added a commit that referenced this issue Jun 26, 2018
@ianbjacobs
Added information about redactList to privacy consideration about not…
8ee251d 
… exposing user information, part of

#675
ianbjacobs added a commit that referenced this issue Jun 26, 2018
@ianbjacobs
iframe usage security subsection based on
dd0fa84 
issue 675
#675
ianbjacobs added a commit that referenced this issue Jun 26, 2018
@ianbjacobs
To address
6f35221 
#675
ianbjacobs added a commit that referenced this issue Jun 26, 2018
@ianbjacobs
document show() protections under security considerations, part of
902845a 
#675
This was referenced Jun 26, 2018
Merged
Merged
Merged
Merged
Merged
marcoscaceres pushed a commit that referenced this issue Jul 3, 2018
@ianbjacobs @marcoscaceres
Added information about redactList to privacy consideration (#738)
ebd8310 
* Added information about redactList to privacy consideration about not exposing user information, part of
#675
marcoscaceres pushed a commit that referenced this issue Jul 6, 2018
@ianbjacobs @marcoscaceres
Added canMakePayment() section to privacy considerations, part of 675
bc0fd8b 
#675
@marcoscaceres
Copy link
Member Author

Merged the ones listed, so closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ianbjacobs ianbjacobs

Labels
CR-Exit Editorial
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stpeter @marcoscaceres @ianbjacobs