ietf
[Top] [All Lists]

Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt> (Registration Data Access Protocol Query Format) to Proposed Standard

2014-10-26 16:22:23
I missed this due to all the HTML in the email...


How about this?

OLD:
"Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested."

NEW:
"Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested. Clients should
only receive information that they are explicitly authorized to receive."

AlmostŠ²Servers should only send information that clients are explicitly
authorized to receive.²

The way it is worded is impossible to "enforce."

How does this work with anonymous access to public information, which is
how this information is served today? How do I ³explicitly" authorize an
anonymous user? I think the old text above is good enough and find the
next text (both versions) to be confusing.

-andy


<Prev in Thread] Current Thread [Next in Thread>