New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limitations on TDs Utilising nosec #1490
Comments
I am working on a PR to address this and related matters, but I am putting it into WoT Architecture since it also relates to WoT Discovery. See w3c/wot-architecture#747 |
Some updated S&P considerations have been merged into Architecture, please review. I am doing a cleanup pass so let me know if you spot anything that needs to be addressed. See w3c/wot-architecture#753 |
from today's TD call:
|
These updates look good to me, closing the issue |
perfect, thanks |
This issue is part of the PING privacy review w3cping/privacy-request#84
This spec currently allows TDs to set nosec without restriction, however the spec also mentions that some TDs can contain IDs that are immutable by law (in some jurisdictions) and that some TDs can be associated with personal devices. Given this it seems reasonable to require that any device with an immutable ID or that can be associated with a personal device is forbidden from using nosec as a security policy.
The text was updated successfully, but these errors were encountered: