Privacy & Security (cloudevents#399)

* First pass at privacy and security related guidance. Signed-off-by: Day, Jem <[email protected]> * Addressed review comments Signed-off-by: Day, Jem <[email protected]> * Tweaks Signed-off-by: Day, Jem <[email protected]> * Add ToC reference Signed-off-by: Day, Jem <[email protected]> * Changed wording as-per WG meeting 3/21/19 Signed-off-by: Day, Jem <[email protected]>
deissnerk · Mar 22, 2019 · 61d8169 · 61d8169
1 parent 0b7453e
commit 61d8169
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/spec.md b/spec.md
@@ -15,6 +15,7 @@ This document is a working draft.
 - [Type System](#type-system)
 - [Context Attributes](#context-attributes)
 - [Data Attribute](#data-attribute)
+- [Privacy & Security](#privacy-and-security)
 - [Example](#example)
 
 ## Overview
@@ -296,6 +297,32 @@ encapsulated within the `data` attribute.
 * Constraints:
   * OPTIONAL
 
+# Privacy and Security
+Interoperability is the primary driver behind this specification, enabling such
+behavior requires some information to be made available *in the clear* resulting
+in the potential for information leakage.
+
+Consider the following to prevent inadvertent leakage especially when leveraging 
+3rd party platforms and communication networks:
+
+* Context Attributes
+
+  Sensitive information SHOULD NOT be carried or represented in context attributes.
+
+  CloudEvent producers, consumers, and intermediaries MAY introspect and log context
+  attributes.
+
+* Data
+
+  Domain specific [data](#data) SHOULD be encrypted to restrict visibility to
+  trusted parties. The mechanism employed for such encryption is an agreement between 
+  producers and consumers and thus outside the scope of this specification.
+
+* Transport Bindings
+
+  Transport level security SHOULD be employed to ensure the trusted and 
+  secure exchange of CloudEvents.
+
 # Example
 
 The following example shows a CloudEvent serialized as JSON: