The Privacy Considerations section has a subsection for "Identifiable Information".
We need to determine what's deemed to be identifiable information and express that in terms of (non)normative text... and so we also know what should be in a test suite.
Then we can revisit statements like:
In order to prevent leakage of non-resource data, error responses SHOULD NOT contain identifiable information.
So, if we know the set or categories for identifiable information, then the recommendation could switch to MUST NOT, unless we also cover exceptions. I presume that there are no need to explore exceptions to allow the inclusion of identifiable information in error responses.
(Derived from https://github.com/solid/specification/pull/13/files#r305292422 )
The Privacy Considerations section has a subsection for "Identifiable Information".
We need to determine what's deemed to be identifiable information and express that in terms of (non)normative text... and so we also know what should be in a test suite.
Then we can revisit statements like:
So, if we know the set or categories for identifiable information, then the recommendation could switch to MUST NOT, unless we also cover exceptions. I presume that there are no need to explore exceptions to allow the inclusion of identifiable information in error responses.