Security Considerations: what is the basis for this discussion/list of subtopics? #40
Description
Reference: https://www.w3.org/TR/did-imp-guide/
What the taxonomic basis for the topics that fall under this section?
Is it intended to discuss operational security, data security, information security, anti-virus protection, secure coding standards, encryption standards, white box testing, black box testing, various operating system vulnerabilities, system software updating, platform software updating, application software updating?
The topics subsections appear to be very ad-hoc. At best some of these are "best practices" and have little to do with any of the above security topics ...some are simply opinions (e.g. Vendor Lock-in).
"Security Considerations" needs to be defined and scoped ... ideally with some sort of default taxonomy of security topics.
It totally unacceptable for a DID Registry editor to respond to a DID Method editor with " you didn't write enough" ... without being explicit in the Registry requirements about the taxonomy of security topics that are important and relevant.