As requested by @melanierichards on behalf of PING, I've moved all the security stuff into the appropriate parts of the spec and made them normative.
I left the specific privacy considerations in place, but also made them normative. The consideration that the API doesn't leak the share targets is a statement of fact (i.e., it would be redundant to state it normatively because that's the design of the API already).
Closes #187 Closes #186 Closes #64
As requested by @melanierichards on behalf of PING, I've moved all the security stuff into the appropriate parts of the spec and made them normative.
I left the specific privacy considerations in place, but also made them normative. The consideration that the API doesn't leak the share targets is a statement of fact (i.e., it would be redundant to state it normatively because that's the design of the API already).
Preview | Diff