w3c / did-rubric

W3C Decentralized Characteristics Rubric v1.0
https://w3c.github.io/did-rubric/

Add draft of security and privacy sections #11

Closed dhh1128 closed 3 years ago

dhh1128 commented 3 years ago

Signed-off-by: Daniel Hardman daniel.hardman@gmail.com



dhh1128 commented 3 years ago

@TallTed: Thanks for the suggestions about reformatting. I would like to accept them, but I think accepting directly in GitHub may cause DCO problems. Therefore, I think I'll commit a change that embodies all your suggestions, and attribute it to you (git commit --author <your info>). Would you be okay with that?

TallTed commented 3 years ago

I'm not familiar with any DCO(?) or other problems from accepting such suggestions here.

Likewise, I know of no reason to object to your suggested alternative. Worst case, someone will inform us of one, and this commit can be backed out and replaced with whatever solves the problem.

dhh1128 commented 3 years ago

DCO = Developer Certificate of Origin. This is typically used to guarantee that contributors won't make copyright or patent claims on their contributions. I don't believe the W3C community requires this feature to be turned on with their spec repos, but we still have to do a similar due diligence as we accept contributions to the repo's artifacts; I have had to sign all my commits when I raise PRs against the DID spec and the VC spec. @jandrieu, can I ignore this and simply accept Ted's commit suggestions?

TallTed commented 3 years ago

@dhh1128 - I'm a member of the DID WG for which this rubric is a deliverable. I've just been quiet for several months while on medical leave. There should be no concerns about copyright or patent claims.

bumblefudge commented 3 years ago

@dhh1128 @jandrieu this is what I was referring to on Thursday's call -- I think it would be good to have this PR merged before privacy and security review, so that the group can say it's gone out of its way to facilitate implementer assessments! Happy to help if there's anything a non-expert can do to lessen the editorial burden.

dhh1128 commented 3 years ago

@jandrieu: I am fine to merge these sections if you are. They are nowhere near complete, and there are likely to be updates and additions in future PRs. But having this content seems better than not having it -- and we now have Juan and Ted suggesting to move forward. What do you think?

bumblefudge commented 3 years ago

Feel free to tag me in any further issues or invite me to any future topic calls, this project is near and dear to my heart 👍