Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect randomness claim in 50-privacy.md #481

Closed
dyladan opened this issue Jan 4, 2022 · 4 comments
Closed

Incorrect randomness claim in 50-privacy.md #481

dyladan opened this issue Jan 4, 2022 · 4 comments
Assignees
@dyladan
Labels
Editorial The reported issue can be addressed with an editorial change. This tag could be combined with others errata Erratum for a W3C Recommendation privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. trace-context-1 For Level 1 errata

Comments

@dyladan
Copy link
Member

dyladan commented Jan 4, 2022

Privacy of traceparent field section incorrectly states that trace-id is randomly generated. Section should be modified such that PII in trace ids is discouraged or forbidden, and randomness suggested as a possible solution.
@dyladan dyladan added erratumRaised Raised to become an Errata later trace-context-1 For Level 1 errata labels Jan 4, 2022
@dyladan dyladan mentioned this issue Jan 4, 2022
Merged
@kalyanaj
Copy link
Contributor

Leaving this issue open to decide if we can backport this (#482) to level-1 of the spec.

I feel the wording in #482 ("“MUST NOT contain PII”) is sufficiently backwards compatible to backport, since the Level 1 spec indirectly talks about not exposing user-identifiable information.

@plehegar , based on a discussion on this in a recent working group meeting, we wanted to get your thoughts on this.

@kalyanaj
Copy link
Contributor

Assigned to Philippe per our discussion in the DT working group meeting today, thanks Philippe!

@plehegar plehegar added the privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. label Apr 26, 2022
@w3cbot w3cbot mentioned this issue Apr 27, 2022
Open
@kalyanaj kalyanaj assigned dyladan and unassigned plehegar Jun 7, 2022
@dyladan dyladan added errata Erratum for a W3C Recommendation Editorial The reported issue can be addressed with an editorial change. This tag could be combined with others and removed erratumRaised Raised to become an Errata later labels Sep 27, 2022
This was referenced Sep 27, 2022
Closed
Merged
@dyladan
Copy link
Member Author

dyladan commented Nov 23, 2022

This is fixed in #495 but I will leave this open until it is published

@kalyanaj
Copy link
Contributor

Closing this one as we have a separate issue to track republishing of level 1 spec to include this fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dyladan dyladan

Labels
Editorial The reported issue can be addressed with an editorial change. This tag could be combined with others errata Erratum for a W3C Recommendation privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. trace-context-1 For Level 1 errata
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove contradiction in TraceState mutations #428 dynatrace-oss-contrib/trace-context
3 participants
@plehegar @dyladan @kalyanaj