Added language requiring authorization of stream management API

openid / sharedsignals

OpenID Shared Signals Working Group Repository

45 stars 11 forks source link

Added language requiring authorization of stream management API #173

Closed FragLegs closed 3 weeks ago

FragLegs commented 1 month ago

To address the attacks proposed in #161 and #160, this PR adda a paragraph indicating that all Stream Management API endpoints must use authorization that associates stream IDs with a specific Receiver, unless some other method of trust is established.

FragLegs commented 1 month ago

Update RFC2818 and RFC7235 to RFC9110