adlnet / xAPI-Spec

The xAPI Specification describes communication about learner activity and experiences between technologies.
https://adlnet.gov/projects/xapi/

deemphasize mbox_sha1sum; augment with mbox_sha2sum #1096

Open pbadams opened 3 years ago

pbadams commented 3 years ago

The xAPI specification should be updated to use SHA2 algorithms, as SHA1 is no longer recommended.

For organizations capturing xAPI statements containing personally identifiable information (PII) of customers, using SHA1 is not strong enough to safely store customer PII.

blakeplock commented 3 years ago

This is being addressed in IEEE P9274.4.2 on Cybersecurity for xAPI. Security language itself is being stripped from the base P9274.1.1 standard.

pbadams commented 3 years ago

Thanks @blakeplock, that's good to know. I've done a quick Google, but I'm unable to find any status information for P9274.4.2. Can you point me at a link or mailing list? Many thanks.

blakeplock commented 3 years ago

Hey @pbadams -- Sorry for the delay. Super early draft/template is here: https://docs.google.com/document/d/1eS02PK_npsn3NTH0OrKWTSqlEUQ6jn77KU3ep2QdpBE/edit#heading=h.5q13vabaelju

The standards activity was approved by IEEE as P9274.4.2. Schedule of WG meetings has been established yet. I'm hoping to get it running after this month's 9274.1.1 call and nailing everything down into a decent draft over 4-ish months.

fnoks commented 1 year ago

Any updates on this?