Made a text proposal for E2E security

w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT

https://w3c.github.io/wot-security/

18 stars 22 forks source link

Made a text proposal for E2E security #159

Closed OliverPfaff closed 4 years ago

OliverPfaff commented 4 years ago

Made a text proposal to have an anchor and starting point for the consideration of "E2E security", issue#144

Preview | Diff

mmccool commented 4 years ago

It would be good if you could move the content to https://raw.githubusercontent.com/w3c/wot-security/master/index.html#sec-pract-end-to-end-security and strengthen that section (7.4), rather than creating a new section

OliverPfaff commented 4 years ago

Addressed this in PR#164

Apart from the end to refine the consideration around E2E security there are seems a need to add a new top-level section called "Security Considerations" - for reasons of consistency:

The document headline is "Web of Things (WoT) Security and Privacy Guidelines"
The current text body has a headline 1 subsection "Privacy Considerations"
There is not yet a headline 1 subsection "Security Considerations". The average reader should be expected to look for such a section.

This is not yet covered by PR#164 and appears to remain as an open issue

mmccool commented 4 years ago

Is this PR now obsolete, given the PR https://github.com/w3c/wot-security/pull/164 ? Should we close this PR without merging (note that a closed PR can be re-opened later if necessary...)?

mmccool commented 4 years ago

Agreed on March 23 security TF call to close without merging.