Create a meaningful security-considerations section #218

Open
AxelNennker opened this issue May 30, 2024 · 1 comment · May be fixed by #277
Labels
correction correction in documentation Spring25

Comments

@AxelNennker
Contributor

Problem description
The current security considerations just refer to CloudEvents "security".
Which is basically saying "CloudEvents cares about interoperability (and not about privacy and security)".

The example they provide does not even follow their own security advice.

Data
Domain specific event data SHOULD be encrypted to restrict visibility to trusted parties. The mechanism employed for such encryption is an agreement between producers and consumers and thus outside the scope of this specification.

{
    "specversion" : "1.0",
    "type" : "com.github.pull_request.opened",
    "source" : "https://github.com/cloudevents/spec/pull",
    "subject" : "123",
    "id" : "A234-1234-1234",
    "time" : "2018-04-05T17:31:00Z",
    "comexampleextension1" : "value",
    "comexampleothervalue" : 5,
    "datacontenttype" : "text/xml",
    "data" : "<much wow=\"xml\"/>"
}

Note, despite their own recommendation, data is not encrypted. Neither is comexampleextension1 nor comexampleothervalue.

Expected behavior
Write a meaningful security considerations section

Additional context

@AxelNennker AxelNennker added the correction correction in documentation label May 30, 2024
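
An added example (not part of the issue, the CloudEvents spec or this project's code): a consumer-side check that reports which attributes of an event arrive in the clear, run on the event quoted in the issue. It assumes producer and consumer agreed on JWE compact serialization (RFC 7516) for `data`; the function names are hypothetical, and the test is a shape check only, not decryption.

```python
import base64
import json

# Attribute names defined by CloudEvents 1.0 (JSON format); anything else is an extension.
CORE_ATTRS = {"specversion", "type", "source", "subject", "id", "time",
              "datacontenttype", "dataschema", "data", "data_base64"}

# The example event quoted in the issue, embedded so the check runs offline.
ISSUE_EVENT = r'''{
    "specversion" : "1.0",
    "type" : "com.github.pull_request.opened",
    "source" : "https://github.com/cloudevents/spec/pull",
    "subject" : "123",
    "id" : "A234-1234-1234",
    "time" : "2018-04-05T17:31:00Z",
    "comexampleextension1" : "value",
    "comexampleothervalue" : 5,
    "datacontenttype" : "text/xml",
    "data" : "<much wow=\"xml\"/>"
}'''


def _b64url_json(segment):
    """Decode an unpadded base64url segment into a JSON object, else None."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def looks_like_jwe(value):
    """Shape check for JWE compact serialization (assumed agreed format)."""
    parts = value.split(".") if isinstance(value, str) else []
    if len(parts) != 5 or not all(parts[2:]):  # IV, ciphertext, tag present
        return False
    header = _b64url_json(parts[0])
    return header is not None and "alg" in header and "enc" in header


def audit_event(event_json):
    """List the attributes of one event that are readable in transit."""
    event = json.loads(event_json)
    findings = []
    if "data" in event and not looks_like_jwe(event["data"]):
        findings.append("data: not encrypted")
    for name in sorted(set(event) - CORE_ATTRS):
        findings.append(f"{name}: extension attribute in clear")
    return findings
```

The spec text quoted in the issue covers `data` only; the extension findings mirror the issue's own observation about `comexampleextension1` and `comexampleothervalue`.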