Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a meaningful security-considerations section #218

Open
AxelNennker opened this issue May 30, 2024 · 1 comment · May be fixed by #277
Open

Create a meaningful security-considerations section #218

AxelNennker opened this issue May 30, 2024 · 1 comment · May be fixed by #277
Labels
correction correction in documentation Spring25

Comments

@AxelNennker
Copy link
Contributor

Problem description
The current security considerations just refers to CloudEvent "security".
Which is basically saying "CloudEvents cares about interoperability (and not about privacy and security)".

The example they provide does not even follow their own security advice.

Data
Domain specific event data SHOULD be encrypted to restrict visibility to trusted parties. The mechanism employed for such encryption is an agreement between producers and consumers and thus outside the scope of this specification.

{
    "specversion" : "1.0",
    "type" : "com.github.pull_request.opened",
    "source" : "https://github.com/cloudevents/spec/pull",
    "subject" : "123",
    "id" : "A234-1234-1234",
    "time" : "2018-04-05T17:31:00Z",
    "comexampleextension1" : "value",
    "comexampleothervalue" : 5,
    "datacontenttype" : "text/xml",
    "data" : "<much wow=\"xml\"/>"
}

Note, despite their own recommendation data is not encrypted. Neither is comexampleextension1 nor comexampleothervalue.

Expected behavior
Write a meaningful security considerations section

Additional context
@AxelNennker AxelNennker added the correction correction in documentation label May 30, 2024
@AxelNennker
Copy link
Contributor Author

Still meaningless "security considerations" https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#security-considerations

@AxelNennker AxelNennker linked a pull request Aug 8, 2024 that will close this issue
Open
@rartych rartych mentioned this issue Aug 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
correction correction in documentation Spring25
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Subscription Security Considerations AxelNennker/Commonalities
2 participants
@AxelNennker @rartych