From 61d81692474884cf3c443f0a48401492ab42c2d4 Mon Sep 17 00:00:00 2001 From: Jem Day Date: Fri, 22 Mar 2019 12:28:13 -0700 Subject: [PATCH] Privacy & Security (#399) * First pass at privacy and security related guidance. Signed-off-by: Day, Jem * Addressed review comments Signed-off-by: Day, Jem * Tweaks Signed-off-by: Day, Jem * Add ToC reference Signed-off-by: Day, Jem * Changed wording as-per WG meeting 3/21/19 Signed-off-by: Day, Jem --- spec.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/spec.md b/spec.md index ac0ad4a3b..950fab6c6 100644 --- a/spec.md +++ b/spec.md @@ -15,6 +15,7 @@ This document is a working draft. - [Type System](#type-system) - [Context Attributes](#context-attributes) - [Data Attribute](#data-attribute) +- [Privacy & Security](#privacy-and-security) - [Example](#example) ## Overview @@ -296,6 +297,32 @@ encapsulated within the `data` attribute. * Constraints: * OPTIONAL +# Privacy and Security +Interoperability is the primary driver behind this specification, enabling such +behavior requires some information to be made available *in the clear* resulting +in the potential for information leakage. + +Consider the following to prevent inadvertent leakage especially when leveraging +3rd party platforms and communication networks: + +* Context Attributes + + Sensitive information SHOULD NOT be carried or represented in context attributes. + + CloudEvent producers, consumers, and intermediaries MAY introspect and log context + attributes. + +* Data + + Domain specific [data](#data) SHOULD be encrypted to restrict visibility to + trusted parties. The mechanism employed for such encryption is an agreement between + producers and consumers and thus outside the scope of this specification. + +* Transport Bindings + + Transport level security SHOULD be employed to ensure the trusted and + secure exchange of CloudEvents. + # Example The following example shows a CloudEvent serialized as JSON:
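Review bot: The opening sentence of the new "Privacy and Security" section in the spec.md hunk is a comma splice ("Interoperability is the primary driver behind this specification, enabling such behavior requires ..."); split it into two sentences, e.g. "Interoperability is the primary driver behind this specification. Enabling such behavior requires some information to be made available *in the clear*, resulting in the potential for information leakage." In the same hunk, "3rd party platforms" should read "third-party platforms", and the "Data" bullet could state explicitly that encryption of the `data` attribute does not protect the context attributes, since the preceding bullet already says intermediaries MAY introspect and log those; otherwise the guidance reads correctly and the ToC anchor `#privacy-and-security` matches the new heading.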