tmforum-oda / oda-canvas

Apache License 2.0

Docs: add security principles and posture of canvas reference implementation #206

Open brian-burton opened 6 months ago

brian-burton commented 6 months ago

Add security principles and posture of canvas reference implementation

For the Canvas reference implementation (and, by implication, for the eventual standards) we should document the principles we are following that CSPs would want to express to their internal security teams. This is subtly different from the standard itself in that the principles are more around how we have approached the problem of securing the canvas and the components that rely on it, rather than the implementation details.

pecanpete commented 6 months ago

Does the scope of Security Principles include privacy? Do we wish to introduce the notion of Zero Trust principles / Least Privilege as described in https://www.tmforum.org/resources/how-to-guide/ig1306-zero-trust-architecture-and-implications-to-enterprise-security-v2-0-1/? There is a plan to take this down to a couple of levels of detail, and I am wondering if ODA CA could be examples. Also, there is an ODA Sec team draft contents for IG1314 Security and Privacy Impacts on ODA v1.0.0 (E2E-411), which might benefit from ODA CA examples.